@azure/msal-common 16.0.0-beta.0 → 16.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (500) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  18. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  21. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  22. package/dist/client/RefreshTokenClient.mjs +11 -7
  23. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  24. package/dist/client/SilentFlowClient.mjs +1 -1
  25. package/dist/config/ClientConfiguration.mjs +1 -1
  26. package/dist/constants/AADServerParamKeys.mjs +1 -1
  27. package/dist/crypto/ICrypto.mjs +1 -1
  28. package/dist/crypto/JoseHeader.mjs +1 -1
  29. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  30. package/dist/error/AuthError.mjs +1 -1
  31. package/dist/error/AuthErrorCodes.mjs +1 -1
  32. package/dist/error/CacheError.mjs +1 -1
  33. package/dist/error/CacheErrorCodes.mjs +1 -1
  34. package/dist/error/ClientAuthError.mjs +1 -1
  35. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  36. package/dist/error/ClientConfigurationError.mjs +1 -1
  37. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  38. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  39. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  40. package/dist/error/JoseHeaderError.mjs +1 -1
  41. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  42. package/dist/error/NetworkError.mjs +1 -1
  43. package/dist/error/PlatformBrokerError.mjs +1 -1
  44. package/dist/error/ServerError.mjs +1 -1
  45. package/dist/index-node.mjs +1 -1
  46. package/dist/index.mjs +1 -1
  47. package/dist/logger/Logger.mjs +1 -1
  48. package/dist/network/INetworkModule.mjs +1 -1
  49. package/dist/network/RequestThumbprint.mjs +1 -1
  50. package/dist/network/ThrottlingUtils.mjs +1 -1
  51. package/dist/packageMetadata.d.ts +1 -1
  52. package/dist/packageMetadata.d.ts.map +1 -1
  53. package/dist/packageMetadata.mjs +2 -2
  54. package/dist/protocol/Authorize.mjs +1 -1
  55. package/dist/protocol/Token.mjs +1 -1
  56. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  57. package/dist/request/BaseAuthRequest.d.ts +63 -20
  58. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  59. package/dist/request/CommonAuthorizationCodeRequest.d.ts +18 -13
  60. package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  61. package/dist/request/CommonAuthorizationUrlRequest.d.ts +48 -27
  62. package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  63. package/dist/request/CommonEndSessionRequest.d.ts +21 -7
  64. package/dist/request/CommonEndSessionRequest.d.ts.map +1 -1
  65. package/dist/request/CommonRefreshTokenRequest.d.ts +12 -10
  66. package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  67. package/dist/request/CommonSilentFlowRequest.d.ts +12 -14
  68. package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
  69. package/dist/request/RequestParameterBuilder.mjs +1 -1
  70. package/dist/request/ScopeSet.mjs +1 -1
  71. package/dist/response/ResponseHandler.d.ts.map +1 -1
  72. package/dist/response/ResponseHandler.mjs +2 -1
  73. package/dist/response/ResponseHandler.mjs.map +1 -1
  74. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  75. package/dist/telemetry/performance/PerformanceEvent.d.ts +3 -1
  76. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  77. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  78. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  79. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  80. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  81. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  82. package/dist/url/UrlString.mjs +1 -1
  83. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  84. package/dist/utils/Constants.mjs +1 -1
  85. package/dist/utils/FunctionWrappers.mjs +1 -1
  86. package/dist/utils/ProtocolUtils.mjs +1 -1
  87. package/dist/utils/StringUtils.mjs +1 -1
  88. package/dist/utils/TimeUtils.mjs +1 -1
  89. package/dist/utils/UrlUtils.mjs +1 -1
  90. package/dist-browser/account/AccountInfo.d.ts +71 -0
  91. package/dist-browser/account/AccountInfo.d.ts.map +1 -0
  92. package/dist-browser/account/AccountInfo.mjs +85 -0
  93. package/dist-browser/account/AccountInfo.mjs.map +1 -0
  94. package/dist-browser/account/AuthToken.d.ts +24 -0
  95. package/dist-browser/account/AuthToken.d.ts.map +1 -0
  96. package/dist-browser/account/AuthToken.mjs +85 -0
  97. package/dist-browser/account/AuthToken.mjs.map +1 -0
  98. package/dist-browser/account/CcsCredential.d.ts +10 -0
  99. package/dist-browser/account/CcsCredential.d.ts.map +1 -0
  100. package/dist-browser/account/CcsCredential.mjs +13 -0
  101. package/dist-browser/account/CcsCredential.mjs.map +1 -0
  102. package/dist-browser/account/ClientCredentials.d.ts +20 -0
  103. package/dist-browser/account/ClientCredentials.d.ts.map +1 -0
  104. package/dist-browser/account/ClientInfo.d.ts +23 -0
  105. package/dist-browser/account/ClientInfo.d.ts.map +1 -0
  106. package/dist-browser/account/ClientInfo.mjs +44 -0
  107. package/dist-browser/account/ClientInfo.mjs.map +1 -0
  108. package/dist-browser/account/TokenClaims.d.ts +88 -0
  109. package/dist-browser/account/TokenClaims.d.ts.map +1 -0
  110. package/dist-browser/account/TokenClaims.mjs +25 -0
  111. package/dist-browser/account/TokenClaims.mjs.map +1 -0
  112. package/dist-browser/authority/Authority.d.ts +255 -0
  113. package/dist-browser/authority/Authority.d.ts.map +1 -0
  114. package/dist-browser/authority/Authority.mjs +841 -0
  115. package/dist-browser/authority/Authority.mjs.map +1 -0
  116. package/dist-browser/authority/AuthorityFactory.d.ts +23 -0
  117. package/dist-browser/authority/AuthorityFactory.d.ts.map +1 -0
  118. package/dist-browser/authority/AuthorityFactory.mjs +42 -0
  119. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -0
  120. package/dist-browser/authority/AuthorityMetadata.d.ts +44 -0
  121. package/dist-browser/authority/AuthorityMetadata.d.ts.map +1 -0
  122. package/dist-browser/authority/AuthorityMetadata.mjs +146 -0
  123. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -0
  124. package/dist-browser/authority/AuthorityOptions.d.ts +27 -0
  125. package/dist-browser/authority/AuthorityOptions.d.ts.map +1 -0
  126. package/dist-browser/authority/AuthorityOptions.mjs +23 -0
  127. package/dist-browser/authority/AuthorityOptions.mjs.map +1 -0
  128. package/dist-browser/authority/AuthorityType.d.ts +11 -0
  129. package/dist-browser/authority/AuthorityType.d.ts.map +1 -0
  130. package/dist-browser/authority/AuthorityType.mjs +18 -0
  131. package/dist-browser/authority/AuthorityType.mjs.map +1 -0
  132. package/dist-browser/authority/AzureRegion.d.ts +2 -0
  133. package/dist-browser/authority/AzureRegion.d.ts.map +1 -0
  134. package/dist-browser/authority/AzureRegionConfiguration.d.ts +6 -0
  135. package/dist-browser/authority/AzureRegionConfiguration.d.ts.map +1 -0
  136. package/dist-browser/authority/CloudDiscoveryMetadata.d.ts +6 -0
  137. package/dist-browser/authority/CloudDiscoveryMetadata.d.ts.map +1 -0
  138. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.d.ts +14 -0
  139. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.d.ts.map +1 -0
  140. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +13 -0
  141. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs.map +1 -0
  142. package/dist-browser/authority/CloudInstanceDiscoveryResponse.d.ts +10 -0
  143. package/dist-browser/authority/CloudInstanceDiscoveryResponse.d.ts.map +1 -0
  144. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +13 -0
  145. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs.map +1 -0
  146. package/dist-browser/authority/ImdsOptions.d.ts +6 -0
  147. package/dist-browser/authority/ImdsOptions.d.ts.map +1 -0
  148. package/dist-browser/authority/OIDCOptions.d.ts +9 -0
  149. package/dist-browser/authority/OIDCOptions.d.ts.map +1 -0
  150. package/dist-browser/authority/OpenIdConfigResponse.d.ts +12 -0
  151. package/dist-browser/authority/OpenIdConfigResponse.d.ts.map +1 -0
  152. package/dist-browser/authority/OpenIdConfigResponse.mjs +15 -0
  153. package/dist-browser/authority/OpenIdConfigResponse.mjs.map +1 -0
  154. package/dist-browser/authority/ProtocolMode.d.ts +20 -0
  155. package/dist-browser/authority/ProtocolMode.d.ts.map +1 -0
  156. package/dist-browser/authority/ProtocolMode.mjs +27 -0
  157. package/dist-browser/authority/ProtocolMode.mjs.map +1 -0
  158. package/dist-browser/authority/RegionDiscovery.d.ts +33 -0
  159. package/dist-browser/authority/RegionDiscovery.d.ts.map +1 -0
  160. package/dist-browser/authority/RegionDiscovery.mjs +111 -0
  161. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -0
  162. package/dist-browser/authority/RegionDiscoveryMetadata.d.ts +7 -0
  163. package/dist-browser/authority/RegionDiscoveryMetadata.d.ts.map +1 -0
  164. package/dist-browser/broker/nativeBroker/INativeBrokerPlugin.d.ts +17 -0
  165. package/dist-browser/broker/nativeBroker/INativeBrokerPlugin.d.ts.map +1 -0
  166. package/dist-browser/cache/CacheManager.d.ts +478 -0
  167. package/dist-browser/cache/CacheManager.d.ts.map +1 -0
  168. package/dist-browser/cache/CacheManager.mjs +1111 -0
  169. package/dist-browser/cache/CacheManager.mjs.map +1 -0
  170. package/dist-browser/cache/entities/AccessTokenEntity.d.ts +22 -0
  171. package/dist-browser/cache/entities/AccessTokenEntity.d.ts.map +1 -0
  172. package/dist-browser/cache/entities/AccountEntity.d.ts +45 -0
  173. package/dist-browser/cache/entities/AccountEntity.d.ts.map +1 -0
  174. package/dist-browser/cache/entities/AppMetadataEntity.d.ts +12 -0
  175. package/dist-browser/cache/entities/AppMetadataEntity.d.ts.map +1 -0
  176. package/dist-browser/cache/entities/AuthorityMetadataEntity.d.ts +16 -0
  177. package/dist-browser/cache/entities/AuthorityMetadataEntity.d.ts.map +1 -0
  178. package/dist-browser/cache/entities/CacheRecord.d.ts +14 -0
  179. package/dist-browser/cache/entities/CacheRecord.d.ts.map +1 -0
  180. package/dist-browser/cache/entities/CredentialEntity.d.ts +31 -0
  181. package/dist-browser/cache/entities/CredentialEntity.d.ts.map +1 -0
  182. package/dist-browser/cache/entities/IdTokenEntity.d.ts +9 -0
  183. package/dist-browser/cache/entities/IdTokenEntity.d.ts.map +1 -0
  184. package/dist-browser/cache/entities/RefreshTokenEntity.d.ts +8 -0
  185. package/dist-browser/cache/entities/RefreshTokenEntity.d.ts.map +1 -0
  186. package/dist-browser/cache/entities/ServerTelemetryEntity.d.ts +7 -0
  187. package/dist-browser/cache/entities/ServerTelemetryEntity.d.ts.map +1 -0
  188. package/dist-browser/cache/entities/ThrottlingEntity.d.ts +8 -0
  189. package/dist-browser/cache/entities/ThrottlingEntity.d.ts.map +1 -0
  190. package/dist-browser/cache/interface/ICacheManager.d.ts +188 -0
  191. package/dist-browser/cache/interface/ICacheManager.d.ts.map +1 -0
  192. package/dist-browser/cache/interface/ICachePlugin.d.ts +6 -0
  193. package/dist-browser/cache/interface/ICachePlugin.d.ts.map +1 -0
  194. package/dist-browser/cache/interface/ISerializableTokenCache.d.ts +5 -0
  195. package/dist-browser/cache/interface/ISerializableTokenCache.d.ts.map +1 -0
  196. package/dist-browser/cache/persistence/TokenCacheContext.d.ts +24 -0
  197. package/dist-browser/cache/persistence/TokenCacheContext.d.ts.map +1 -0
  198. package/dist-browser/cache/persistence/TokenCacheContext.mjs +30 -0
  199. package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -0
  200. package/dist-browser/cache/utils/AccountEntityUtils.d.ts +53 -0
  201. package/dist-browser/cache/utils/AccountEntityUtils.d.ts.map +1 -0
  202. package/dist-browser/cache/utils/AccountEntityUtils.mjs +192 -0
  203. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -0
  204. package/dist-browser/cache/utils/CacheHelpers.d.ts +86 -0
  205. package/dist-browser/cache/utils/CacheHelpers.d.ts.map +1 -0
  206. package/dist-browser/cache/utils/CacheHelpers.mjs +267 -0
  207. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -0
  208. package/dist-browser/cache/utils/CacheTypes.d.ts +69 -0
  209. package/dist-browser/cache/utils/CacheTypes.d.ts.map +1 -0
  210. package/dist-browser/client/AuthorizationCodeClient.d.ts +64 -0
  211. package/dist-browser/client/AuthorizationCodeClient.d.ts.map +1 -0
  212. package/dist-browser/client/AuthorizationCodeClient.mjs +287 -0
  213. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -0
  214. package/dist-browser/client/RefreshTokenClient.d.ts +49 -0
  215. package/dist-browser/client/RefreshTokenClient.d.ts.map +1 -0
  216. package/dist-browser/client/RefreshTokenClient.mjs +254 -0
  217. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -0
  218. package/dist-browser/client/SilentFlowClient.d.ts +35 -0
  219. package/dist-browser/client/SilentFlowClient.d.ts.map +1 -0
  220. package/dist-browser/client/SilentFlowClient.mjs +125 -0
  221. package/dist-browser/client/SilentFlowClient.mjs.map +1 -0
  222. package/dist-browser/config/AppTokenProvider.d.ts +39 -0
  223. package/dist-browser/config/AppTokenProvider.d.ts.map +1 -0
  224. package/dist-browser/config/ClientConfiguration.d.ts +143 -0
  225. package/dist-browser/config/ClientConfiguration.d.ts.map +1 -0
  226. package/dist-browser/config/ClientConfiguration.mjs +107 -0
  227. package/dist-browser/config/ClientConfiguration.mjs.map +1 -0
  228. package/dist-browser/constants/AADServerParamKeys.d.ts +59 -0
  229. package/dist-browser/constants/AADServerParamKeys.d.ts.map +1 -0
  230. package/dist-browser/constants/AADServerParamKeys.mjs +67 -0
  231. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -0
  232. package/dist-browser/crypto/ICrypto.d.ts +71 -0
  233. package/dist-browser/crypto/ICrypto.d.ts.map +1 -0
  234. package/dist-browser/crypto/ICrypto.mjs +44 -0
  235. package/dist-browser/crypto/ICrypto.mjs.map +1 -0
  236. package/dist-browser/crypto/IGuidGenerator.d.ts +5 -0
  237. package/dist-browser/crypto/IGuidGenerator.d.ts.map +1 -0
  238. package/dist-browser/crypto/JoseHeader.d.ts +23 -0
  239. package/dist-browser/crypto/JoseHeader.d.ts.map +1 -0
  240. package/dist-browser/crypto/JoseHeader.mjs +46 -0
  241. package/dist-browser/crypto/JoseHeader.mjs.map +1 -0
  242. package/dist-browser/crypto/PopTokenGenerator.d.ts +60 -0
  243. package/dist-browser/crypto/PopTokenGenerator.d.ts.map +1 -0
  244. package/dist-browser/crypto/PopTokenGenerator.mjs +87 -0
  245. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -0
  246. package/dist-browser/crypto/SignedHttpRequest.d.ts +16 -0
  247. package/dist-browser/crypto/SignedHttpRequest.d.ts.map +1 -0
  248. package/dist-browser/error/AuthError.d.ts +33 -0
  249. package/dist-browser/error/AuthError.d.ts.map +1 -0
  250. package/dist-browser/error/AuthError.mjs +34 -0
  251. package/dist-browser/error/AuthError.mjs.map +1 -0
  252. package/dist-browser/error/AuthErrorCodes.d.ts +6 -0
  253. package/dist-browser/error/AuthErrorCodes.d.ts.map +1 -0
  254. package/dist-browser/error/AuthErrorCodes.mjs +14 -0
  255. package/dist-browser/error/AuthErrorCodes.mjs.map +1 -0
  256. package/dist-browser/error/CacheError.d.ts +23 -0
  257. package/dist-browser/error/CacheError.d.ts.map +1 -0
  258. package/dist-browser/error/CacheError.mjs +45 -0
  259. package/dist-browser/error/CacheError.mjs.map +1 -0
  260. package/dist-browser/error/CacheErrorCodes.d.ts +3 -0
  261. package/dist-browser/error/CacheErrorCodes.d.ts.map +1 -0
  262. package/dist-browser/error/CacheErrorCodes.mjs +11 -0
  263. package/dist-browser/error/CacheErrorCodes.mjs.map +1 -0
  264. package/dist-browser/error/ClientAuthError.d.ts +14 -0
  265. package/dist-browser/error/ClientAuthError.d.ts.map +1 -0
  266. package/dist-browser/error/ClientAuthError.mjs +27 -0
  267. package/dist-browser/error/ClientAuthError.mjs.map +1 -0
  268. package/dist-browser/error/ClientAuthErrorCodes.d.ts +38 -0
  269. package/dist-browser/error/ClientAuthErrorCodes.d.ts.map +1 -0
  270. package/dist-browser/error/ClientAuthErrorCodes.mjs +46 -0
  271. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -0
  272. package/dist-browser/error/ClientConfigurationError.d.ts +11 -0
  273. package/dist-browser/error/ClientConfigurationError.d.ts.map +1 -0
  274. package/dist-browser/error/ClientConfigurationError.mjs +24 -0
  275. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -0
  276. package/dist-browser/error/ClientConfigurationErrorCodes.d.ts +23 -0
  277. package/dist-browser/error/ClientConfigurationErrorCodes.d.ts.map +1 -0
  278. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +31 -0
  279. package/dist-browser/error/ClientConfigurationErrorCodes.mjs.map +1 -0
  280. package/dist-browser/error/InteractionRequiredAuthError.d.ts +48 -0
  281. package/dist-browser/error/InteractionRequiredAuthError.d.ts.map +1 -0
  282. package/dist-browser/error/InteractionRequiredAuthError.mjs +73 -0
  283. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -0
  284. package/dist-browser/error/InteractionRequiredAuthErrorCodes.d.ts +9 -0
  285. package/dist-browser/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -0
  286. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +19 -0
  287. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -0
  288. package/dist-browser/error/JoseHeaderError.d.ts +12 -0
  289. package/dist-browser/error/JoseHeaderError.d.ts.map +1 -0
  290. package/dist-browser/error/JoseHeaderError.mjs +25 -0
  291. package/dist-browser/error/JoseHeaderError.mjs.map +1 -0
  292. package/dist-browser/error/JoseHeaderErrorCodes.d.ts +3 -0
  293. package/dist-browser/error/JoseHeaderErrorCodes.d.ts.map +1 -0
  294. package/dist-browser/error/JoseHeaderErrorCodes.mjs +11 -0
  295. package/dist-browser/error/JoseHeaderErrorCodes.mjs.map +1 -0
  296. package/dist-browser/error/NetworkError.d.ts +19 -0
  297. package/dist-browser/error/NetworkError.d.ts.map +1 -0
  298. package/dist-browser/error/NetworkError.mjs +35 -0
  299. package/dist-browser/error/NetworkError.mjs.map +1 -0
  300. package/dist-browser/error/PlatformBrokerError.d.ts +16 -0
  301. package/dist-browser/error/PlatformBrokerError.d.ts.map +1 -0
  302. package/dist-browser/error/PlatformBrokerError.mjs +49 -0
  303. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -0
  304. package/dist-browser/error/ServerError.d.ts +16 -0
  305. package/dist-browser/error/ServerError.d.ts.map +1 -0
  306. package/dist-browser/error/ServerError.mjs +23 -0
  307. package/dist-browser/error/ServerError.mjs.map +1 -0
  308. package/dist-browser/exports-browser-only.d.ts +11 -0
  309. package/dist-browser/exports-browser-only.d.ts.map +1 -0
  310. package/dist-browser/exports-common.d.ts +86 -0
  311. package/dist-browser/exports-common.d.ts.map +1 -0
  312. package/dist-browser/exports-node-only.d.ts +16 -0
  313. package/dist-browser/exports-node-only.d.ts.map +1 -0
  314. package/dist-browser/index-browser.d.ts +7 -0
  315. package/dist-browser/index-browser.d.ts.map +1 -0
  316. package/dist-browser/index-browser.mjs +78 -0
  317. package/dist-browser/index-browser.mjs.map +1 -0
  318. package/dist-browser/index-node.d.ts +7 -0
  319. package/dist-browser/index-node.d.ts.map +1 -0
  320. package/dist-browser/index.d.ts +12 -0
  321. package/dist-browser/index.d.ts.map +1 -0
  322. package/dist-browser/index.mjs +82 -0
  323. package/dist-browser/index.mjs.map +1 -0
  324. package/dist-browser/log-strings-mapping.json +383 -0
  325. package/dist-browser/logger/Logger.d.ts +119 -0
  326. package/dist-browser/logger/Logger.d.ts.map +1 -0
  327. package/dist-browser/logger/Logger.mjs +278 -0
  328. package/dist-browser/logger/Logger.mjs.map +1 -0
  329. package/dist-browser/network/INetworkModule.d.ts +30 -0
  330. package/dist-browser/network/INetworkModule.d.ts.map +1 -0
  331. package/dist-browser/network/INetworkModule.mjs +20 -0
  332. package/dist-browser/network/INetworkModule.mjs.map +1 -0
  333. package/dist-browser/network/NetworkResponse.d.ts +6 -0
  334. package/dist-browser/network/NetworkResponse.d.ts.map +1 -0
  335. package/dist-browser/network/RequestThumbprint.d.ts +22 -0
  336. package/dist-browser/network/RequestThumbprint.d.ts.map +1 -0
  337. package/dist-browser/network/RequestThumbprint.mjs +24 -0
  338. package/dist-browser/network/RequestThumbprint.mjs.map +1 -0
  339. package/dist-browser/network/ThrottlingUtils.d.ts +43 -0
  340. package/dist-browser/network/ThrottlingUtils.d.ts.map +1 -0
  341. package/dist-browser/network/ThrottlingUtils.mjs +92 -0
  342. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -0
  343. package/dist-browser/packageMetadata.d.ts +3 -0
  344. package/dist-browser/packageMetadata.d.ts.map +1 -0
  345. package/dist-browser/packageMetadata.mjs +8 -0
  346. package/dist-browser/packageMetadata.mjs.map +1 -0
  347. package/dist-browser/protocol/Authorize.d.ts +37 -0
  348. package/dist-browser/protocol/Authorize.d.ts.map +1 -0
  349. package/dist-browser/protocol/Authorize.mjs +237 -0
  350. package/dist-browser/protocol/Authorize.mjs.map +1 -0
  351. package/dist-browser/protocol/Token.d.ts +40 -0
  352. package/dist-browser/protocol/Token.d.ts.map +1 -0
  353. package/dist-browser/protocol/Token.mjs +129 -0
  354. package/dist-browser/protocol/Token.mjs.map +1 -0
  355. package/dist-browser/request/AuthenticationHeaderParser.d.ts +20 -0
  356. package/dist-browser/request/AuthenticationHeaderParser.d.ts.map +1 -0
  357. package/dist-browser/request/AuthenticationHeaderParser.mjs +64 -0
  358. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -0
  359. package/dist-browser/request/BaseAuthRequest.d.ts +95 -0
  360. package/dist-browser/request/BaseAuthRequest.d.ts.map +1 -0
  361. package/dist-browser/request/CommonAuthorizationCodeRequest.d.ts +32 -0
  362. package/dist-browser/request/CommonAuthorizationCodeRequest.d.ts.map +1 -0
  363. package/dist-browser/request/CommonAuthorizationUrlRequest.d.ts +71 -0
  364. package/dist-browser/request/CommonAuthorizationUrlRequest.d.ts.map +1 -0
  365. package/dist-browser/request/CommonEndSessionRequest.d.ts +36 -0
  366. package/dist-browser/request/CommonEndSessionRequest.d.ts.map +1 -0
  367. package/dist-browser/request/CommonRefreshTokenRequest.d.ts +24 -0
  368. package/dist-browser/request/CommonRefreshTokenRequest.d.ts.map +1 -0
  369. package/dist-browser/request/CommonSilentFlowRequest.d.ts +24 -0
  370. package/dist-browser/request/CommonSilentFlowRequest.d.ts.map +1 -0
  371. package/dist-browser/request/NativeRequest.d.ts +20 -0
  372. package/dist-browser/request/NativeRequest.d.ts.map +1 -0
  373. package/dist-browser/request/NativeSignOutRequest.d.ts +6 -0
  374. package/dist-browser/request/NativeSignOutRequest.d.ts.map +1 -0
  375. package/dist-browser/request/RequestParameterBuilder.d.ts +217 -0
  376. package/dist-browser/request/RequestParameterBuilder.d.ts.map +1 -0
  377. package/dist-browser/request/RequestParameterBuilder.mjs +410 -0
  378. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -0
  379. package/dist-browser/request/ScopeSet.d.ts +83 -0
  380. package/dist-browser/request/ScopeSet.d.ts.map +1 -0
  381. package/dist-browser/request/ScopeSet.mjs +204 -0
  382. package/dist-browser/request/ScopeSet.mjs.map +1 -0
  383. package/dist-browser/request/StoreInCache.d.ts +9 -0
  384. package/dist-browser/request/StoreInCache.d.ts.map +1 -0
  385. package/dist-browser/response/AuthenticationResult.d.ts +42 -0
  386. package/dist-browser/response/AuthenticationResult.d.ts.map +1 -0
  387. package/dist-browser/response/AuthorizationCodePayload.d.ts +14 -0
  388. package/dist-browser/response/AuthorizationCodePayload.d.ts.map +1 -0
  389. package/dist-browser/response/AuthorizeResponse.d.ts +76 -0
  390. package/dist-browser/response/AuthorizeResponse.d.ts.map +1 -0
  391. package/dist-browser/response/DeviceCodeResponse.d.ts +26 -0
  392. package/dist-browser/response/DeviceCodeResponse.d.ts.map +1 -0
  393. package/dist-browser/response/ExternalTokenResponse.d.ts +16 -0
  394. package/dist-browser/response/ExternalTokenResponse.d.ts.map +1 -0
  395. package/dist-browser/response/IMDSBadResponse.d.ts +5 -0
  396. package/dist-browser/response/IMDSBadResponse.d.ts.map +1 -0
  397. package/dist-browser/response/ResponseHandler.d.ts +63 -0
  398. package/dist-browser/response/ResponseHandler.d.ts.map +1 -0
  399. package/dist-browser/response/ResponseHandler.mjs +349 -0
  400. package/dist-browser/response/ResponseHandler.mjs.map +1 -0
  401. package/dist-browser/response/ServerAuthorizationTokenResponse.d.ts +48 -0
  402. package/dist-browser/response/ServerAuthorizationTokenResponse.d.ts.map +1 -0
  403. package/dist-browser/telemetry/performance/IPerformanceClient.d.ts +30 -0
  404. package/dist-browser/telemetry/performance/IPerformanceClient.d.ts.map +1 -0
  405. package/dist-browser/telemetry/performance/IPerformanceMeasurement.d.ts +6 -0
  406. package/dist-browser/telemetry/performance/IPerformanceMeasurement.d.ts.map +1 -0
  407. package/dist-browser/telemetry/performance/PerformanceClient.d.ts +170 -0
  408. package/dist-browser/telemetry/performance/PerformanceClient.d.ts.map +1 -0
  409. package/dist-browser/telemetry/performance/PerformanceClient.mjs +490 -0
  410. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -0
  411. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +286 -0
  412. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -0
  413. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +45 -0
  414. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -0
  415. package/dist-browser/telemetry/performance/PerformanceEvents.d.ts +66 -0
  416. package/dist-browser/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
  417. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +74 -0
  418. package/dist-browser/telemetry/performance/PerformanceEvents.mjs.map +1 -0
  419. package/dist-browser/telemetry/performance/StubPerformanceClient.d.ts +21 -0
  420. package/dist-browser/telemetry/performance/StubPerformanceClient.d.ts.map +1 -0
  421. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +59 -0
  422. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -0
  423. package/dist-browser/telemetry/server/ServerTelemetryManager.d.ts +79 -0
  424. package/dist-browser/telemetry/server/ServerTelemetryManager.d.ts.map +1 -0
  425. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +266 -0
  426. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -0
  427. package/dist-browser/telemetry/server/ServerTelemetryRequest.d.ts +9 -0
  428. package/dist-browser/telemetry/server/ServerTelemetryRequest.d.ts.map +1 -0
  429. package/dist-browser/url/IUri.d.ts +13 -0
  430. package/dist-browser/url/IUri.d.ts.map +1 -0
  431. package/dist-browser/url/UrlString.d.ts +44 -0
  432. package/dist-browser/url/UrlString.d.ts.map +1 -0
  433. package/dist-browser/url/UrlString.mjs +164 -0
  434. package/dist-browser/url/UrlString.mjs.map +1 -0
  435. package/dist-browser/utils/ClientAssertionUtils.d.ts +3 -0
  436. package/dist-browser/utils/ClientAssertionUtils.d.ts.map +1 -0
  437. package/dist-browser/utils/ClientAssertionUtils.mjs +21 -0
  438. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -0
  439. package/dist-browser/utils/Constants.d.ts +283 -0
  440. package/dist-browser/utils/Constants.d.ts.map +1 -0
  441. package/dist-browser/utils/Constants.mjs +298 -0
  442. package/dist-browser/utils/Constants.mjs.map +1 -0
  443. package/dist-browser/utils/FunctionWrappers.d.ts +28 -0
  444. package/dist-browser/utils/FunctionWrappers.d.ts.map +1 -0
  445. package/dist-browser/utils/FunctionWrappers.mjs +98 -0
  446. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -0
  447. package/dist-browser/utils/MsalTypes.d.ts +7 -0
  448. package/dist-browser/utils/MsalTypes.d.ts.map +1 -0
  449. package/dist-browser/utils/ProtocolUtils.d.ts +22 -0
  450. package/dist-browser/utils/ProtocolUtils.d.ts.map +1 -0
  451. package/dist-browser/utils/ProtocolUtils.mjs +74 -0
  452. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -0
  453. package/dist-browser/utils/StateTypes.d.ts +15 -0
  454. package/dist-browser/utils/StateTypes.d.ts.map +1 -0
  455. package/dist-browser/utils/StringUtils.d.ts +41 -0
  456. package/dist-browser/utils/StringUtils.d.ts.map +1 -0
  457. package/dist-browser/utils/StringUtils.mjs +100 -0
  458. package/dist-browser/utils/StringUtils.mjs.map +1 -0
  459. package/dist-browser/utils/TimeUtils.d.ts +43 -0
  460. package/dist-browser/utils/TimeUtils.d.ts.map +1 -0
  461. package/dist-browser/utils/TimeUtils.mjs +76 -0
  462. package/dist-browser/utils/TimeUtils.mjs.map +1 -0
  463. package/dist-browser/utils/UrlUtils.d.ts +23 -0
  464. package/dist-browser/utils/UrlUtils.d.ts.map +1 -0
  465. package/dist-browser/utils/UrlUtils.mjs +115 -0
  466. package/dist-browser/utils/UrlUtils.mjs.map +1 -0
  467. package/lib/index-browser.cjs +2 -2
  468. package/lib/{index-node-B7mR4APO.js → index-node-A5mPbLhz.js} +14 -9
  469. package/lib/{index-node-B7mR4APO.js.map → index-node-A5mPbLhz.js.map} +1 -1
  470. package/lib/index-node.cjs +2 -2
  471. package/lib/index.cjs +2 -2
  472. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  473. package/lib/types/packageMetadata.d.ts +1 -1
  474. package/lib/types/packageMetadata.d.ts.map +1 -1
  475. package/lib/types/request/BaseAuthRequest.d.ts +63 -20
  476. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  477. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +18 -13
  478. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  479. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +48 -27
  480. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  481. package/lib/types/request/CommonEndSessionRequest.d.ts +21 -7
  482. package/lib/types/request/CommonEndSessionRequest.d.ts.map +1 -1
  483. package/lib/types/request/CommonRefreshTokenRequest.d.ts +12 -10
  484. package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  485. package/lib/types/request/CommonSilentFlowRequest.d.ts +12 -14
  486. package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
  487. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  488. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +3 -1
  489. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  490. package/package.json +5 -3
  491. package/src/client/RefreshTokenClient.ts +13 -16
  492. package/src/packageMetadata.ts +1 -1
  493. package/src/request/BaseAuthRequest.ts +63 -20
  494. package/src/request/CommonAuthorizationCodeRequest.ts +18 -13
  495. package/src/request/CommonAuthorizationUrlRequest.ts +48 -27
  496. package/src/request/CommonEndSessionRequest.ts +21 -7
  497. package/src/request/CommonRefreshTokenRequest.ts +12 -10
  498. package/src/request/CommonSilentFlowRequest.ts +12 -14
  499. package/src/response/ResponseHandler.ts +5 -0
  500. package/src/telemetry/performance/PerformanceEvent.ts +3 -1
@@ -0,0 +1,841 @@
1
+ /*! @azure/msal-common v16.0.2 2026-01-17 */
2
+ 'use strict';
3
+ import { AuthorityType } from './AuthorityType.mjs';
4
+ import { isOpenIdConfigResponse } from './OpenIdConfigResponse.mjs';
5
+ import { UrlString } from '../url/UrlString.mjs';
6
+ import { createClientAuthError } from '../error/ClientAuthError.mjs';
7
+ import { CIAM_AUTH_URL, DSTS, ADFS, AuthorityMetadataSource, AZURE_REGION_AUTO_DISCOVER_FLAG, RegionDiscoveryOutcomes, AAD_INSTANCE_DISCOVERY_ENDPT, INVALID_INSTANCE, DEFAULT_AUTHORITY_HOST, KNOWN_PUBLIC_CLOUDS, FORWARD_SLASH, AADAuthority, DEFAULT_COMMON_TENANT, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, AAD_TENANT_DOMAIN_SUFFIX } from '../utils/Constants.mjs';
8
+ import { EndpointMetadata, getCloudDiscoveryMetadataFromHardcodedValues, getCloudDiscoveryMetadataFromNetworkResponse, InstanceDiscoveryMetadataAliases } from './AuthorityMetadata.mjs';
9
+ import { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';
10
+ import { ProtocolMode } from './ProtocolMode.mjs';
11
+ import { AzureCloudInstance } from './AuthorityOptions.mjs';
12
+ import { isCloudInstanceDiscoveryResponse } from './CloudInstanceDiscoveryResponse.mjs';
13
+ import { isCloudInstanceDiscoveryErrorResponse } from './CloudInstanceDiscoveryErrorResponse.mjs';
14
+ import { RegionDiscovery } from './RegionDiscovery.mjs';
15
+ import { AuthError } from '../error/AuthError.mjs';
16
+ import { AuthorityUpdateCloudDiscoveryMetadata, AuthorityUpdateEndpointMetadata, AuthorityUpdateMetadataWithRegionalInformation, AuthorityGetEndpointMetadataFromNetwork, RegionDiscoveryDetectRegion, AuthorityGetCloudDiscoveryMetadataFromNetwork } from '../telemetry/performance/PerformanceEvents.mjs';
17
+ import { invokeAsync } from '../utils/FunctionWrappers.mjs';
18
+ import { generateAuthorityMetadataExpiresAt, updateAuthorityEndpointMetadata, isAuthorityMetadataExpired, updateCloudDiscoveryMetadata } from '../cache/utils/CacheHelpers.mjs';
19
+ import { endpointResolutionError, endSessionEndpointNotSupported, openIdConfigError } from '../error/ClientAuthErrorCodes.mjs';
20
+ import { invalidAuthorityMetadata, untrustedAuthority, invalidCloudDiscoveryMetadata } from '../error/ClientConfigurationErrorCodes.mjs';
21
+
22
+ /*
23
+ * Copyright (c) Microsoft Corporation. All rights reserved.
24
+ * Licensed under the MIT License.
25
+ */
26
+ /**
27
+ * The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the
28
+ * endpoint. It will store the pertinent config data in this object for use during token calls.
29
+ * @internal
30
+ */
31
+ class Authority {
32
+ constructor(authority, networkInterface, cacheManager, authorityOptions, logger, correlationId, performanceClient, managedIdentity) {
33
+ this.canonicalAuthority = authority;
34
+ this._canonicalAuthority.validateAsUri();
35
+ this.networkInterface = networkInterface;
36
+ this.cacheManager = cacheManager;
37
+ this.authorityOptions = authorityOptions;
38
+ this.regionDiscoveryMetadata = {
39
+ region_used: undefined,
40
+ region_source: undefined,
41
+ region_outcome: undefined,
42
+ };
43
+ this.logger = logger;
44
+ this.performanceClient = performanceClient;
45
+ this.correlationId = correlationId;
46
+ this.managedIdentity = managedIdentity || false;
47
+ this.regionDiscovery = new RegionDiscovery(networkInterface, this.logger, this.performanceClient, this.correlationId);
48
+ }
49
+ /**
50
+ * Get {@link AuthorityType}
51
+ * @param authorityUri {@link IUri}
52
+ * @private
53
+ */
54
+ getAuthorityType(authorityUri) {
55
+ // CIAM auth url pattern is being standardized as: <tenant>.ciamlogin.com
56
+ if (authorityUri.HostNameAndPort.endsWith(CIAM_AUTH_URL)) {
57
+ return AuthorityType.Ciam;
58
+ }
59
+ const pathSegments = authorityUri.PathSegments;
60
+ if (pathSegments.length) {
61
+ switch (pathSegments[0].toLowerCase()) {
62
+ case ADFS:
63
+ return AuthorityType.Adfs;
64
+ case DSTS:
65
+ return AuthorityType.Dsts;
66
+ }
67
+ }
68
+ return AuthorityType.Default;
69
+ }
70
+ // See above for AuthorityType
71
+ get authorityType() {
72
+ return this.getAuthorityType(this.canonicalAuthorityUrlComponents);
73
+ }
74
+ /**
75
+ * ProtocolMode enum representing the way endpoints are constructed.
76
+ */
77
+ get protocolMode() {
78
+ return this.authorityOptions.protocolMode;
79
+ }
80
+ /**
81
+ * Returns authorityOptions which can be used to reinstantiate a new authority instance
82
+ */
83
+ get options() {
84
+ return this.authorityOptions;
85
+ }
86
+ /**
87
+ * A URL that is the authority set by the developer
88
+ */
89
+ get canonicalAuthority() {
90
+ return this._canonicalAuthority.urlString;
91
+ }
92
+ /**
93
+ * Sets canonical authority.
94
+ */
95
+ set canonicalAuthority(url) {
96
+ this._canonicalAuthority = new UrlString(url);
97
+ this._canonicalAuthority.validateAsUri();
98
+ this._canonicalAuthorityUrlComponents = null;
99
+ }
100
+ /**
101
+ * Get authority components.
102
+ */
103
+ get canonicalAuthorityUrlComponents() {
104
+ if (!this._canonicalAuthorityUrlComponents) {
105
+ this._canonicalAuthorityUrlComponents =
106
+ this._canonicalAuthority.getUrlComponents();
107
+ }
108
+ return this._canonicalAuthorityUrlComponents;
109
+ }
110
+ /**
111
+ * Get hostname and port i.e. login.microsoftonline.com
112
+ */
113
+ get hostnameAndPort() {
114
+ return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase();
115
+ }
116
+ /**
117
+ * Get tenant for authority.
118
+ */
119
+ get tenant() {
120
+ return this.canonicalAuthorityUrlComponents.PathSegments[0];
121
+ }
122
+ /**
123
+ * OAuth /authorize endpoint for requests
124
+ */
125
+ get authorizationEndpoint() {
126
+ if (this.discoveryComplete()) {
127
+ return this.replacePath(this.metadata.authorization_endpoint);
128
+ }
129
+ else {
130
+ throw createClientAuthError(endpointResolutionError);
131
+ }
132
+ }
133
+ /**
134
+ * OAuth /token endpoint for requests
135
+ */
136
+ get tokenEndpoint() {
137
+ if (this.discoveryComplete()) {
138
+ return this.replacePath(this.metadata.token_endpoint);
139
+ }
140
+ else {
141
+ throw createClientAuthError(endpointResolutionError);
142
+ }
143
+ }
144
+ get deviceCodeEndpoint() {
145
+ if (this.discoveryComplete()) {
146
+ return this.replacePath(this.metadata.token_endpoint.replace("/token", "/devicecode"));
147
+ }
148
+ else {
149
+ throw createClientAuthError(endpointResolutionError);
150
+ }
151
+ }
152
+ /**
153
+ * OAuth logout endpoint for requests
154
+ */
155
+ get endSessionEndpoint() {
156
+ if (this.discoveryComplete()) {
157
+ // ROPC policies may not have end_session_endpoint set
158
+ if (!this.metadata.end_session_endpoint) {
159
+ throw createClientAuthError(endSessionEndpointNotSupported);
160
+ }
161
+ return this.replacePath(this.metadata.end_session_endpoint);
162
+ }
163
+ else {
164
+ throw createClientAuthError(endpointResolutionError);
165
+ }
166
+ }
167
+ /**
168
+ * OAuth issuer for requests
169
+ */
170
+ get selfSignedJwtAudience() {
171
+ if (this.discoveryComplete()) {
172
+ return this.replacePath(this.metadata.issuer);
173
+ }
174
+ else {
175
+ throw createClientAuthError(endpointResolutionError);
176
+ }
177
+ }
178
+ /**
179
+ * Jwks_uri for token signing keys
180
+ */
181
+ get jwksUri() {
182
+ if (this.discoveryComplete()) {
183
+ return this.replacePath(this.metadata.jwks_uri);
184
+ }
185
+ else {
186
+ throw createClientAuthError(endpointResolutionError);
187
+ }
188
+ }
189
+ /**
190
+ * Returns a flag indicating that tenant name can be replaced in authority {@link IUri}
191
+ * @param authorityUri {@link IUri}
192
+ * @private
193
+ */
194
+ canReplaceTenant(authorityUri) {
195
+ return (authorityUri.PathSegments.length === 1 &&
196
+ !Authority.reservedTenantDomains.has(authorityUri.PathSegments[0]) &&
197
+ this.getAuthorityType(authorityUri) === AuthorityType.Default &&
198
+ this.protocolMode !== ProtocolMode.OIDC);
199
+ }
200
+ /**
201
+ * Replaces tenant in url path with current tenant. Defaults to common.
202
+ * @param urlString
203
+ */
204
+ replaceTenant(urlString) {
205
+ return urlString.replace(/{tenant}|{tenantid}/g, this.tenant);
206
+ }
207
+ /**
208
+ * Replaces path such as tenant or policy with the current tenant or policy.
209
+ * @param urlString
210
+ */
211
+ replacePath(urlString) {
212
+ let endpoint = urlString;
213
+ const cachedAuthorityUrl = new UrlString(this.metadata.canonical_authority);
214
+ const cachedAuthorityUrlComponents = cachedAuthorityUrl.getUrlComponents();
215
+ const cachedAuthorityParts = cachedAuthorityUrlComponents.PathSegments;
216
+ const currentAuthorityParts = this.canonicalAuthorityUrlComponents.PathSegments;
217
+ currentAuthorityParts.forEach((currentPart, index) => {
218
+ let cachedPart = cachedAuthorityParts[index];
219
+ if (index === 0 &&
220
+ this.canReplaceTenant(cachedAuthorityUrlComponents)) {
221
+ const tenantId = new UrlString(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];
222
+ /**
223
+ * Check if AAD canonical authority contains tenant domain name, for example "testdomain.onmicrosoft.com",
224
+ * by comparing its first path segment to the corresponding authorization endpoint path segment, which is
225
+ * always resolved with tenant id by OIDC.
226
+ */
227
+ if (cachedPart !== tenantId) {
228
+ this.logger.verbose("1q3g2x", this.correlationId);
229
+ cachedPart = tenantId;
230
+ }
231
+ }
232
+ if (currentPart !== cachedPart) {
233
+ endpoint = endpoint.replace(`/${cachedPart}/`, `/${currentPart}/`);
234
+ }
235
+ });
236
+ return this.replaceTenant(endpoint);
237
+ }
238
+ /**
239
+ * The default open id configuration endpoint for any canonical authority.
240
+ */
241
+ get defaultOpenIdConfigurationEndpoint() {
242
+ const canonicalAuthorityHost = this.hostnameAndPort;
243
+ if (this.canonicalAuthority.endsWith("v2.0/") ||
244
+ this.authorityType === AuthorityType.Adfs ||
245
+ (this.protocolMode === ProtocolMode.OIDC &&
246
+ !this.isAliasOfKnownMicrosoftAuthority(canonicalAuthorityHost))) {
247
+ return `${this.canonicalAuthority}.well-known/openid-configuration`;
248
+ }
249
+ return `${this.canonicalAuthority}v2.0/.well-known/openid-configuration`;
250
+ }
251
+ /**
252
+ * Boolean that returns whether or not tenant discovery has been completed.
253
+ */
254
+ discoveryComplete() {
255
+ return !!this.metadata;
256
+ }
257
+ /**
258
+ * Perform endpoint discovery to discover aliases, preferred_cache, preferred_network
259
+ * and the /authorize, /token and logout endpoints.
260
+ */
261
+ async resolveEndpointsAsync() {
262
+ const metadataEntity = this.getCurrentMetadataEntity();
263
+ const cloudDiscoverySource = await invokeAsync(this.updateCloudDiscoveryMetadata.bind(this), AuthorityUpdateCloudDiscoveryMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);
264
+ this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network);
265
+ const endpointSource = await invokeAsync(this.updateEndpointMetadata.bind(this), AuthorityUpdateEndpointMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);
266
+ this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, {
267
+ source: endpointSource,
268
+ });
269
+ this.performanceClient?.addFields({
270
+ cloudDiscoverySource: cloudDiscoverySource,
271
+ authorityEndpointSource: endpointSource,
272
+ }, this.correlationId);
273
+ }
274
+ /**
275
+ * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
276
+ * from the configured canonical authority
277
+ * @returns
278
+ */
279
+ getCurrentMetadataEntity() {
280
+ let metadataEntity = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort, this.correlationId);
281
+ if (!metadataEntity) {
282
+ metadataEntity = {
283
+ aliases: [],
284
+ preferred_cache: this.hostnameAndPort,
285
+ preferred_network: this.hostnameAndPort,
286
+ canonical_authority: this.canonicalAuthority,
287
+ authorization_endpoint: "",
288
+ token_endpoint: "",
289
+ end_session_endpoint: "",
290
+ issuer: "",
291
+ aliasesFromNetwork: false,
292
+ endpointsFromNetwork: false,
293
+ expiresAt: generateAuthorityMetadataExpiresAt(),
294
+ jwks_uri: "",
295
+ };
296
+ }
297
+ return metadataEntity;
298
+ }
299
+ /**
300
+ * Updates cached metadata based on metadata source and sets the instance's metadata
301
+ * property to the same value
302
+ * @param metadataEntity
303
+ * @param cloudDiscoverySource
304
+ * @param endpointMetadataResult
305
+ */
306
+ updateCachedMetadata(metadataEntity, cloudDiscoverySource, endpointMetadataResult) {
307
+ if (cloudDiscoverySource !== AuthorityMetadataSource.CACHE &&
308
+ endpointMetadataResult?.source !==
309
+ AuthorityMetadataSource.CACHE) {
310
+ // Reset the expiration time unless both values came from a successful cache lookup
311
+ metadataEntity.expiresAt =
312
+ generateAuthorityMetadataExpiresAt();
313
+ metadataEntity.canonical_authority = this.canonicalAuthority;
314
+ }
315
+ const cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(metadataEntity.preferred_cache, this.correlationId);
316
+ this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity, this.correlationId);
317
+ this.metadata = metadataEntity;
318
+ }
319
+ /**
320
+ * Update AuthorityMetadataEntity with new endpoints and return where the information came from
321
+ * @param metadataEntity
322
+ */
323
+ async updateEndpointMetadata(metadataEntity) {
324
+ const localMetadata = this.updateEndpointMetadataFromLocalSources(metadataEntity);
325
+ // Further update may be required for hardcoded metadata if regional metadata is preferred
326
+ if (localMetadata) {
327
+ if (localMetadata.source ===
328
+ AuthorityMetadataSource.HARDCODED_VALUES) {
329
+ // If the user prefers to use an azure region replace the global endpoints with regional information.
330
+ if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
331
+ if (localMetadata.metadata) {
332
+ const hardcodedMetadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(localMetadata.metadata);
333
+ updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false);
334
+ metadataEntity.canonical_authority =
335
+ this.canonicalAuthority;
336
+ }
337
+ }
338
+ }
339
+ return localMetadata.source;
340
+ }
341
+ // Get metadata from network if local sources aren't available
342
+ let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
343
+ if (metadata) {
344
+ // If the user prefers to use an azure region replace the global endpoints with regional information.
345
+ if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
346
+ metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
347
+ }
348
+ updateAuthorityEndpointMetadata(metadataEntity, metadata, true);
349
+ return AuthorityMetadataSource.NETWORK;
350
+ }
351
+ else {
352
+ // Metadata could not be obtained from the config, cache, network or hardcoded values
353
+ throw createClientAuthError(openIdConfigError, this.defaultOpenIdConfigurationEndpoint);
354
+ }
355
+ }
356
+ /**
357
+ * Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config
358
+ * response if the source is hardcoded metadata
359
+ * @param metadataEntity
360
+ * @returns
361
+ */
362
+ updateEndpointMetadataFromLocalSources(metadataEntity) {
363
+ this.logger.verbose("1fi0kc", this.correlationId);
364
+ const configMetadata = this.getEndpointMetadataFromConfig();
365
+ if (configMetadata) {
366
+ this.logger.verbose("06t0uj", this.correlationId);
367
+ updateAuthorityEndpointMetadata(metadataEntity, configMetadata, false);
368
+ return {
369
+ source: AuthorityMetadataSource.CONFIG,
370
+ };
371
+ }
372
+ this.logger.verbose("151k0p", this.correlationId);
373
+ const hardcodedMetadata = this.getEndpointMetadataFromHardcodedValues();
374
+ if (hardcodedMetadata) {
375
+ updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false);
376
+ return {
377
+ source: AuthorityMetadataSource.HARDCODED_VALUES,
378
+ metadata: hardcodedMetadata,
379
+ };
380
+ }
381
+ else {
382
+ this.logger.verbose("1imop5", this.correlationId);
383
+ }
384
+ // Check cached metadata entity expiration status
385
+ const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity);
386
+ if (this.isAuthoritySameType(metadataEntity) &&
387
+ metadataEntity.endpointsFromNetwork &&
388
+ !metadataEntityExpired) {
389
+ // No need to update
390
+ this.logger.verbose("16uq31", "");
391
+ return { source: AuthorityMetadataSource.CACHE };
392
+ }
393
+ else if (metadataEntityExpired) {
394
+ this.logger.verbose("0uoibc", "");
395
+ }
396
+ return null;
397
+ }
398
+ /**
399
+ * Compares the number of url components after the domain to determine if the cached
400
+ * authority metadata can be used for the requested authority. Protects against same domain different
401
+ * authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy
402
+ * @param metadataEntity
403
+ */
404
+ isAuthoritySameType(metadataEntity) {
405
+ const cachedAuthorityUrl = new UrlString(metadataEntity.canonical_authority);
406
+ const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments;
407
+ return (cachedParts.length ===
408
+ this.canonicalAuthorityUrlComponents.PathSegments.length);
409
+ }
410
+ /**
411
+ * Parse authorityMetadata config option
412
+ */
413
+ getEndpointMetadataFromConfig() {
414
+ if (this.authorityOptions.authorityMetadata) {
415
+ try {
416
+ return JSON.parse(this.authorityOptions.authorityMetadata);
417
+ }
418
+ catch (e) {
419
+ throw createClientConfigurationError(invalidAuthorityMetadata);
420
+ }
421
+ }
422
+ return null;
423
+ }
424
+ /**
425
+ * Gets OAuth endpoints from the given OpenID configuration endpoint.
426
+ *
427
+ * @param hasHardcodedMetadata boolean
428
+ */
429
+ async getEndpointMetadataFromNetwork() {
430
+ const options = {};
431
+ /*
432
+ * TODO: Add a timeout if the authority exists in our library's
433
+ * hardcoded list of metadata
434
+ */
435
+ const openIdConfigurationEndpoint = this.defaultOpenIdConfigurationEndpoint;
436
+ this.logger.verbose("1y65x6", this.correlationId);
437
+ try {
438
+ const response = await this.networkInterface.sendGetRequestAsync(openIdConfigurationEndpoint, options);
439
+ const isValidResponse = isOpenIdConfigResponse(response.body);
440
+ if (isValidResponse) {
441
+ return response.body;
442
+ }
443
+ else {
444
+ this.logger.verbose("1koyv8", this.correlationId);
445
+ return null;
446
+ }
447
+ }
448
+ catch (e) {
449
+ this.logger.verbose("0a9wik", this.correlationId);
450
+ return null;
451
+ }
452
+ }
453
+ /**
454
+ * Get OAuth endpoints for common authorities.
455
+ */
456
+ getEndpointMetadataFromHardcodedValues() {
457
+ if (this.hostnameAndPort in EndpointMetadata) {
458
+ return EndpointMetadata[this.hostnameAndPort];
459
+ }
460
+ return null;
461
+ }
462
+ /**
463
+ * Update the retrieved metadata with regional information.
464
+ * User selected Azure region will be used if configured.
465
+ */
466
+ async updateMetadataWithRegionalInformation(metadata) {
467
+ const userConfiguredAzureRegion = this.authorityOptions.azureRegionConfiguration?.azureRegion;
468
+ if (userConfiguredAzureRegion) {
469
+ if (userConfiguredAzureRegion !==
470
+ AZURE_REGION_AUTO_DISCOVER_FLAG) {
471
+ this.regionDiscoveryMetadata.region_outcome =
472
+ RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION;
473
+ this.regionDiscoveryMetadata.region_used =
474
+ userConfiguredAzureRegion;
475
+ return Authority.replaceWithRegionalInformation(metadata, userConfiguredAzureRegion);
476
+ }
477
+ const autodetectedRegionName = await invokeAsync(this.regionDiscovery.detectRegion.bind(this.regionDiscovery), RegionDiscoveryDetectRegion, this.logger, this.performanceClient, this.correlationId)(this.authorityOptions.azureRegionConfiguration
478
+ ?.environmentRegion, this.regionDiscoveryMetadata);
479
+ if (autodetectedRegionName) {
480
+ this.regionDiscoveryMetadata.region_outcome =
481
+ RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_SUCCESSFUL;
482
+ this.regionDiscoveryMetadata.region_used =
483
+ autodetectedRegionName;
484
+ return Authority.replaceWithRegionalInformation(metadata, autodetectedRegionName);
485
+ }
486
+ this.regionDiscoveryMetadata.region_outcome =
487
+ RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_FAILED;
488
+ }
489
+ return metadata;
490
+ }
491
+ /**
492
+ * Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache
493
+ * and returns where the information was retrieved from
494
+ * @param metadataEntity
495
+ * @returns AuthorityMetadataSource
496
+ */
497
+ async updateCloudDiscoveryMetadata(metadataEntity) {
498
+ const localMetadataSource = this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity);
499
+ if (localMetadataSource) {
500
+ return localMetadataSource;
501
+ }
502
+ // Fallback to network as metadata source
503
+ const metadata = await invokeAsync(this.getCloudDiscoveryMetadataFromNetwork.bind(this), AuthorityGetCloudDiscoveryMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
504
+ if (metadata) {
505
+ updateCloudDiscoveryMetadata(metadataEntity, metadata, true);
506
+ return AuthorityMetadataSource.NETWORK;
507
+ }
508
+ // Metadata could not be obtained from the config, cache, network or hardcoded values
509
+ throw createClientConfigurationError(untrustedAuthority);
510
+ }
511
+ updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
512
+ this.logger.verbose("0jhlgt", this.correlationId);
513
+ this.logger.verbosePii("1fy7uz", this.correlationId);
514
+ this.logger.verbosePii("08zabj", this.correlationId);
515
+ this.logger.verbosePii("1o1kv3", this.correlationId);
516
+ const metadata = this.getCloudDiscoveryMetadataFromConfig();
517
+ if (metadata) {
518
+ this.logger.verbose("1nakio", this.correlationId);
519
+ updateCloudDiscoveryMetadata(metadataEntity, metadata, false);
520
+ return AuthorityMetadataSource.CONFIG;
521
+ }
522
+ // If the cached metadata came from config but that config was not passed to this instance, we must go to hardcoded values
523
+ this.logger.verbose("1x74aj", this.correlationId);
524
+ const hardcodedMetadata = getCloudDiscoveryMetadataFromHardcodedValues(this.hostnameAndPort);
525
+ if (hardcodedMetadata) {
526
+ this.logger.verbose("0by47c", this.correlationId);
527
+ updateCloudDiscoveryMetadata(metadataEntity, hardcodedMetadata, false);
528
+ return AuthorityMetadataSource.HARDCODED_VALUES;
529
+ }
530
+ this.logger.verbose("0r2fzy", this.correlationId);
531
+ const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity);
532
+ if (this.isAuthoritySameType(metadataEntity) &&
533
+ metadataEntity.aliasesFromNetwork &&
534
+ !metadataEntityExpired) {
535
+ this.logger.verbose("1uffgh", "");
536
+ // No need to update
537
+ return AuthorityMetadataSource.CACHE;
538
+ }
539
+ else if (metadataEntityExpired) {
540
+ this.logger.verbose("0uoibc", "");
541
+ }
542
+ return null;
543
+ }
544
+ /**
545
+ * Parse cloudDiscoveryMetadata config or check knownAuthorities
546
+ */
547
+ getCloudDiscoveryMetadataFromConfig() {
548
+ // CIAM does not support cloud discovery metadata
549
+ if (this.authorityType === AuthorityType.Ciam) {
550
+ this.logger.verbose("04y84h", this.correlationId);
551
+ return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
552
+ }
553
+ // Check if network response was provided in config
554
+ if (this.authorityOptions.cloudDiscoveryMetadata) {
555
+ this.logger.verbose("0gszr3", this.correlationId);
556
+ try {
557
+ this.logger.verbose("1iifkx", this.correlationId);
558
+ const parsedResponse = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata);
559
+ const metadata = getCloudDiscoveryMetadataFromNetworkResponse(parsedResponse.metadata, this.hostnameAndPort);
560
+ this.logger.verbose("0q67e3", "");
561
+ if (metadata) {
562
+ this.logger.verbose("0hzfao", this.correlationId);
563
+ return metadata;
564
+ }
565
+ else {
566
+ this.logger.verbose("1ajz3u", this.correlationId);
567
+ }
568
+ }
569
+ catch (e) {
570
+ this.logger.verbose("1wq5tu", this.correlationId);
571
+ throw createClientConfigurationError(invalidCloudDiscoveryMetadata);
572
+ }
573
+ }
574
+ // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
575
+ if (this.isInKnownAuthorities()) {
576
+ this.logger.verbose("0mt9al", this.correlationId);
577
+ return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
578
+ }
579
+ return null;
580
+ }
581
+ /**
582
+ * Called to get metadata from network if CloudDiscoveryMetadata was not populated by config
583
+ *
584
+ * @param hasHardcodedMetadata boolean
585
+ */
586
+ async getCloudDiscoveryMetadataFromNetwork() {
587
+ const instanceDiscoveryEndpoint = `${AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`;
588
+ const options = {};
589
+ /*
590
+ * TODO: Add a timeout if the authority exists in our library's
591
+ * hardcoded list of metadata
592
+ */
593
+ let match = null;
594
+ try {
595
+ const response = await this.networkInterface.sendGetRequestAsync(instanceDiscoveryEndpoint, options);
596
+ let typedResponseBody;
597
+ let metadata;
598
+ if (isCloudInstanceDiscoveryResponse(response.body)) {
599
+ typedResponseBody =
600
+ response.body;
601
+ metadata = typedResponseBody.metadata;
602
+ this.logger.verbosePii("1vglyt", this.correlationId);
603
+ }
604
+ else if (isCloudInstanceDiscoveryErrorResponse(response.body)) {
605
+ this.logger.warning("062uto", this.correlationId);
606
+ typedResponseBody =
607
+ response.body;
608
+ if (typedResponseBody.error === INVALID_INSTANCE) {
609
+ this.logger.error("1x90tm", this.correlationId);
610
+ return null;
611
+ }
612
+ this.logger.warning("0wchdm", this.correlationId);
613
+ this.logger.warning("1s5mpv", this.correlationId);
614
+ this.logger.warning("1yhqpw", this.correlationId);
615
+ metadata = [];
616
+ }
617
+ else {
618
+ this.logger.error("0768g0", this.correlationId);
619
+ return null;
620
+ }
621
+ this.logger.verbose("1lrobr", this.correlationId);
622
+ match = getCloudDiscoveryMetadataFromNetworkResponse(metadata, this.hostnameAndPort);
623
+ }
624
+ catch (error) {
625
+ if (error instanceof AuthError) {
626
+ this.logger.error("0vwhc7", this.correlationId);
627
+ }
628
+ else {
629
+ this.logger.error("0s2z41", this.correlationId);
630
+ }
631
+ return null;
632
+ }
633
+ // Custom Domain scenario, host is trusted because Instance Discovery call succeeded
634
+ if (!match) {
635
+ this.logger.warning("0jp28q", this.correlationId);
636
+ this.logger.verbose("130sd8", this.correlationId);
637
+ match = Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
638
+ }
639
+ return match;
640
+ }
641
+ /**
642
+ * Helper function to determine if this host is included in the knownAuthorities config option
643
+ */
644
+ isInKnownAuthorities() {
645
+ const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
646
+ return (authority &&
647
+ UrlString.getDomainFromUrl(authority).toLowerCase() ===
648
+ this.hostnameAndPort);
649
+ });
650
+ return matches.length > 0;
651
+ }
652
+ /**
653
+ * helper function to populate the authority based on azureCloudOptions
654
+ * @param authorityString
655
+ * @param azureCloudOptions
656
+ */
657
+ static generateAuthority(authorityString, azureCloudOptions) {
658
+ let authorityAzureCloudInstance;
659
+ if (azureCloudOptions &&
660
+ azureCloudOptions.azureCloudInstance !== AzureCloudInstance.None) {
661
+ const tenant = azureCloudOptions.tenant
662
+ ? azureCloudOptions.tenant
663
+ : DEFAULT_COMMON_TENANT;
664
+ authorityAzureCloudInstance = `${azureCloudOptions.azureCloudInstance}/${tenant}/`;
665
+ }
666
+ return authorityAzureCloudInstance
667
+ ? authorityAzureCloudInstance
668
+ : authorityString;
669
+ }
670
+ /**
671
+ * Creates cloud discovery metadata object from a given host
672
+ * @param host
673
+ */
674
+ static createCloudDiscoveryMetadataFromHost(host) {
675
+ return {
676
+ preferred_network: host,
677
+ preferred_cache: host,
678
+ aliases: [host],
679
+ };
680
+ }
681
+ /**
682
+ * helper function to generate environment from authority object
683
+ */
684
+ getPreferredCache() {
685
+ if (this.managedIdentity) {
686
+ return DEFAULT_AUTHORITY_HOST;
687
+ }
688
+ else if (this.discoveryComplete()) {
689
+ return this.metadata.preferred_cache;
690
+ }
691
+ else {
692
+ throw createClientAuthError(endpointResolutionError);
693
+ }
694
+ }
695
+ /**
696
+ * Returns whether or not the provided host is an alias of this authority instance
697
+ * @param host
698
+ */
699
+ isAlias(host) {
700
+ return this.metadata.aliases.indexOf(host) > -1;
701
+ }
702
+ /**
703
+ * Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery
704
+ * @param host
705
+ */
706
+ isAliasOfKnownMicrosoftAuthority(host) {
707
+ return InstanceDiscoveryMetadataAliases.has(host);
708
+ }
709
+ /**
710
+ * Checks whether the provided host is that of a public cloud authority
711
+ *
712
+ * @param authority string
713
+ * @returns bool
714
+ */
715
+ static isPublicCloudAuthority(host) {
716
+ return KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0;
717
+ }
718
+ /**
719
+ * Rebuild the authority string with the region
720
+ *
721
+ * @param host string
722
+ * @param region string
723
+ */
724
+ static buildRegionalAuthorityString(host, region, queryString) {
725
+ // Create and validate a Url string object with the initial authority string
726
+ const authorityUrlInstance = new UrlString(host);
727
+ authorityUrlInstance.validateAsUri();
728
+ const authorityUrlParts = authorityUrlInstance.getUrlComponents();
729
+ let hostNameAndPort = `${region}.${authorityUrlParts.HostNameAndPort}`;
730
+ if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) {
731
+ hostNameAndPort = `${region}.${REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`;
732
+ }
733
+ // Include the query string portion of the url
734
+ const url = UrlString.constructAuthorityUriFromObject({
735
+ ...authorityUrlInstance.getUrlComponents(),
736
+ HostNameAndPort: hostNameAndPort,
737
+ }).urlString;
738
+ // Add the query string if a query string was provided
739
+ if (queryString)
740
+ return `${url}?${queryString}`;
741
+ return url;
742
+ }
743
+ /**
744
+ * Replace the endpoints in the metadata object with their regional equivalents.
745
+ *
746
+ * @param metadata OpenIdConfigResponse
747
+ * @param azureRegion string
748
+ */
749
+ static replaceWithRegionalInformation(metadata, azureRegion) {
750
+ const regionalMetadata = { ...metadata };
751
+ regionalMetadata.authorization_endpoint =
752
+ Authority.buildRegionalAuthorityString(regionalMetadata.authorization_endpoint, azureRegion);
753
+ regionalMetadata.token_endpoint =
754
+ Authority.buildRegionalAuthorityString(regionalMetadata.token_endpoint, azureRegion);
755
+ if (regionalMetadata.end_session_endpoint) {
756
+ regionalMetadata.end_session_endpoint =
757
+ Authority.buildRegionalAuthorityString(regionalMetadata.end_session_endpoint, azureRegion);
758
+ }
759
+ return regionalMetadata;
760
+ }
761
+ /**
762
+ * Transform CIAM_AUTHORIY as per the below rules:
763
+ * If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it
764
+ *
765
+ * NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com`
766
+ * `ciamlogin.com` can also change in the future and we should accommodate the same
767
+ *
768
+ * @param authority
769
+ */
770
+ static transformCIAMAuthority(authority) {
771
+ let ciamAuthority = authority;
772
+ const authorityUrl = new UrlString(authority);
773
+ const authorityUrlComponents = authorityUrl.getUrlComponents();
774
+ // check if transformation is needed
775
+ if (authorityUrlComponents.PathSegments.length === 0 &&
776
+ authorityUrlComponents.HostNameAndPort.endsWith(CIAM_AUTH_URL)) {
777
+ const tenantIdOrDomain = authorityUrlComponents.HostNameAndPort.split(".")[0];
778
+ ciamAuthority = `${ciamAuthority}${tenantIdOrDomain}${AAD_TENANT_DOMAIN_SUFFIX}`;
779
+ }
780
+ return ciamAuthority;
781
+ }
782
+ }
783
+ // Reserved tenant domain names that will not be replaced with tenant id
784
+ Authority.reservedTenantDomains = new Set([
785
+ "{tenant}",
786
+ "{tenantid}",
787
+ AADAuthority.COMMON,
788
+ AADAuthority.CONSUMERS,
789
+ AADAuthority.ORGANIZATIONS,
790
+ ]);
791
+ /**
792
+ * Extract tenantId from authority
793
+ */
794
+ function getTenantFromAuthorityString(authority) {
795
+ const authorityUrl = new UrlString(authority);
796
+ const authorityUrlComponents = authorityUrl.getUrlComponents();
797
+ /**
798
+ * For credential matching purposes, tenantId is the last path segment of the authority URL:
799
+ * AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId
800
+ * B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy
801
+ * tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased
802
+ *
803
+ * Note that we may not have any path segments in certain OIDC scenarios.
804
+ */
805
+ const tenantId = authorityUrlComponents.PathSegments.slice(-1)[0]?.toLowerCase();
806
+ switch (tenantId) {
807
+ case AADAuthority.COMMON:
808
+ case AADAuthority.ORGANIZATIONS:
809
+ case AADAuthority.CONSUMERS:
810
+ return undefined;
811
+ default:
812
+ return tenantId;
813
+ }
814
+ }
815
+ function formatAuthorityUri(authorityUri) {
816
+ return authorityUri.endsWith(FORWARD_SLASH)
817
+ ? authorityUri
818
+ : `${authorityUri}${FORWARD_SLASH}`;
819
+ }
820
+ function buildStaticAuthorityOptions(authOptions) {
821
+ const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata;
822
+ let cloudDiscoveryMetadata = undefined;
823
+ if (rawCloudDiscoveryMetadata) {
824
+ try {
825
+ cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata);
826
+ }
827
+ catch (e) {
828
+ throw createClientConfigurationError(invalidCloudDiscoveryMetadata);
829
+ }
830
+ }
831
+ return {
832
+ canonicalAuthority: authOptions.authority
833
+ ? formatAuthorityUri(authOptions.authority)
834
+ : undefined,
835
+ knownAuthorities: authOptions.knownAuthorities,
836
+ cloudDiscoveryMetadata: cloudDiscoveryMetadata,
837
+ };
838
+ }
839
+
840
+ export { Authority, buildStaticAuthorityOptions, formatAuthorityUri, getTenantFromAuthorityString };
841
+ //# sourceMappingURL=Authority.mjs.map