@azure/msal-common 16.0.0-beta.0 → 16.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (500) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  18. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  21. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  22. package/dist/client/RefreshTokenClient.mjs +11 -7
  23. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  24. package/dist/client/SilentFlowClient.mjs +1 -1
  25. package/dist/config/ClientConfiguration.mjs +1 -1
  26. package/dist/constants/AADServerParamKeys.mjs +1 -1
  27. package/dist/crypto/ICrypto.mjs +1 -1
  28. package/dist/crypto/JoseHeader.mjs +1 -1
  29. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  30. package/dist/error/AuthError.mjs +1 -1
  31. package/dist/error/AuthErrorCodes.mjs +1 -1
  32. package/dist/error/CacheError.mjs +1 -1
  33. package/dist/error/CacheErrorCodes.mjs +1 -1
  34. package/dist/error/ClientAuthError.mjs +1 -1
  35. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  36. package/dist/error/ClientConfigurationError.mjs +1 -1
  37. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  38. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  39. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  40. package/dist/error/JoseHeaderError.mjs +1 -1
  41. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  42. package/dist/error/NetworkError.mjs +1 -1
  43. package/dist/error/PlatformBrokerError.mjs +1 -1
  44. package/dist/error/ServerError.mjs +1 -1
  45. package/dist/index-node.mjs +1 -1
  46. package/dist/index.mjs +1 -1
  47. package/dist/logger/Logger.mjs +1 -1
  48. package/dist/network/INetworkModule.mjs +1 -1
  49. package/dist/network/RequestThumbprint.mjs +1 -1
  50. package/dist/network/ThrottlingUtils.mjs +1 -1
  51. package/dist/packageMetadata.d.ts +1 -1
  52. package/dist/packageMetadata.d.ts.map +1 -1
  53. package/dist/packageMetadata.mjs +2 -2
  54. package/dist/protocol/Authorize.mjs +1 -1
  55. package/dist/protocol/Token.mjs +1 -1
  56. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  57. package/dist/request/BaseAuthRequest.d.ts +63 -20
  58. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  59. package/dist/request/CommonAuthorizationCodeRequest.d.ts +18 -13
  60. package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  61. package/dist/request/CommonAuthorizationUrlRequest.d.ts +48 -27
  62. package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  63. package/dist/request/CommonEndSessionRequest.d.ts +21 -7
  64. package/dist/request/CommonEndSessionRequest.d.ts.map +1 -1
  65. package/dist/request/CommonRefreshTokenRequest.d.ts +12 -10
  66. package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  67. package/dist/request/CommonSilentFlowRequest.d.ts +12 -14
  68. package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
  69. package/dist/request/RequestParameterBuilder.mjs +1 -1
  70. package/dist/request/ScopeSet.mjs +1 -1
  71. package/dist/response/ResponseHandler.d.ts.map +1 -1
  72. package/dist/response/ResponseHandler.mjs +2 -1
  73. package/dist/response/ResponseHandler.mjs.map +1 -1
  74. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  75. package/dist/telemetry/performance/PerformanceEvent.d.ts +3 -1
  76. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  77. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  78. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  79. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  80. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  81. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  82. package/dist/url/UrlString.mjs +1 -1
  83. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  84. package/dist/utils/Constants.mjs +1 -1
  85. package/dist/utils/FunctionWrappers.mjs +1 -1
  86. package/dist/utils/ProtocolUtils.mjs +1 -1
  87. package/dist/utils/StringUtils.mjs +1 -1
  88. package/dist/utils/TimeUtils.mjs +1 -1
  89. package/dist/utils/UrlUtils.mjs +1 -1
  90. package/dist-browser/account/AccountInfo.d.ts +71 -0
  91. package/dist-browser/account/AccountInfo.d.ts.map +1 -0
  92. package/dist-browser/account/AccountInfo.mjs +85 -0
  93. package/dist-browser/account/AccountInfo.mjs.map +1 -0
  94. package/dist-browser/account/AuthToken.d.ts +24 -0
  95. package/dist-browser/account/AuthToken.d.ts.map +1 -0
  96. package/dist-browser/account/AuthToken.mjs +85 -0
  97. package/dist-browser/account/AuthToken.mjs.map +1 -0
  98. package/dist-browser/account/CcsCredential.d.ts +10 -0
  99. package/dist-browser/account/CcsCredential.d.ts.map +1 -0
  100. package/dist-browser/account/CcsCredential.mjs +13 -0
  101. package/dist-browser/account/CcsCredential.mjs.map +1 -0
  102. package/dist-browser/account/ClientCredentials.d.ts +20 -0
  103. package/dist-browser/account/ClientCredentials.d.ts.map +1 -0
  104. package/dist-browser/account/ClientInfo.d.ts +23 -0
  105. package/dist-browser/account/ClientInfo.d.ts.map +1 -0
  106. package/dist-browser/account/ClientInfo.mjs +44 -0
  107. package/dist-browser/account/ClientInfo.mjs.map +1 -0
  108. package/dist-browser/account/TokenClaims.d.ts +88 -0
  109. package/dist-browser/account/TokenClaims.d.ts.map +1 -0
  110. package/dist-browser/account/TokenClaims.mjs +25 -0
  111. package/dist-browser/account/TokenClaims.mjs.map +1 -0
  112. package/dist-browser/authority/Authority.d.ts +255 -0
  113. package/dist-browser/authority/Authority.d.ts.map +1 -0
  114. package/dist-browser/authority/Authority.mjs +841 -0
  115. package/dist-browser/authority/Authority.mjs.map +1 -0
  116. package/dist-browser/authority/AuthorityFactory.d.ts +23 -0
  117. package/dist-browser/authority/AuthorityFactory.d.ts.map +1 -0
  118. package/dist-browser/authority/AuthorityFactory.mjs +42 -0
  119. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -0
  120. package/dist-browser/authority/AuthorityMetadata.d.ts +44 -0
  121. package/dist-browser/authority/AuthorityMetadata.d.ts.map +1 -0
  122. package/dist-browser/authority/AuthorityMetadata.mjs +146 -0
  123. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -0
  124. package/dist-browser/authority/AuthorityOptions.d.ts +27 -0
  125. package/dist-browser/authority/AuthorityOptions.d.ts.map +1 -0
  126. package/dist-browser/authority/AuthorityOptions.mjs +23 -0
  127. package/dist-browser/authority/AuthorityOptions.mjs.map +1 -0
  128. package/dist-browser/authority/AuthorityType.d.ts +11 -0
  129. package/dist-browser/authority/AuthorityType.d.ts.map +1 -0
  130. package/dist-browser/authority/AuthorityType.mjs +18 -0
  131. package/dist-browser/authority/AuthorityType.mjs.map +1 -0
  132. package/dist-browser/authority/AzureRegion.d.ts +2 -0
  133. package/dist-browser/authority/AzureRegion.d.ts.map +1 -0
  134. package/dist-browser/authority/AzureRegionConfiguration.d.ts +6 -0
  135. package/dist-browser/authority/AzureRegionConfiguration.d.ts.map +1 -0
  136. package/dist-browser/authority/CloudDiscoveryMetadata.d.ts +6 -0
  137. package/dist-browser/authority/CloudDiscoveryMetadata.d.ts.map +1 -0
  138. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.d.ts +14 -0
  139. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.d.ts.map +1 -0
  140. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +13 -0
  141. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs.map +1 -0
  142. package/dist-browser/authority/CloudInstanceDiscoveryResponse.d.ts +10 -0
  143. package/dist-browser/authority/CloudInstanceDiscoveryResponse.d.ts.map +1 -0
  144. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +13 -0
  145. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs.map +1 -0
  146. package/dist-browser/authority/ImdsOptions.d.ts +6 -0
  147. package/dist-browser/authority/ImdsOptions.d.ts.map +1 -0
  148. package/dist-browser/authority/OIDCOptions.d.ts +9 -0
  149. package/dist-browser/authority/OIDCOptions.d.ts.map +1 -0
  150. package/dist-browser/authority/OpenIdConfigResponse.d.ts +12 -0
  151. package/dist-browser/authority/OpenIdConfigResponse.d.ts.map +1 -0
  152. package/dist-browser/authority/OpenIdConfigResponse.mjs +15 -0
  153. package/dist-browser/authority/OpenIdConfigResponse.mjs.map +1 -0
  154. package/dist-browser/authority/ProtocolMode.d.ts +20 -0
  155. package/dist-browser/authority/ProtocolMode.d.ts.map +1 -0
  156. package/dist-browser/authority/ProtocolMode.mjs +27 -0
  157. package/dist-browser/authority/ProtocolMode.mjs.map +1 -0
  158. package/dist-browser/authority/RegionDiscovery.d.ts +33 -0
  159. package/dist-browser/authority/RegionDiscovery.d.ts.map +1 -0
  160. package/dist-browser/authority/RegionDiscovery.mjs +111 -0
  161. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -0
  162. package/dist-browser/authority/RegionDiscoveryMetadata.d.ts +7 -0
  163. package/dist-browser/authority/RegionDiscoveryMetadata.d.ts.map +1 -0
  164. package/dist-browser/broker/nativeBroker/INativeBrokerPlugin.d.ts +17 -0
  165. package/dist-browser/broker/nativeBroker/INativeBrokerPlugin.d.ts.map +1 -0
  166. package/dist-browser/cache/CacheManager.d.ts +478 -0
  167. package/dist-browser/cache/CacheManager.d.ts.map +1 -0
  168. package/dist-browser/cache/CacheManager.mjs +1111 -0
  169. package/dist-browser/cache/CacheManager.mjs.map +1 -0
  170. package/dist-browser/cache/entities/AccessTokenEntity.d.ts +22 -0
  171. package/dist-browser/cache/entities/AccessTokenEntity.d.ts.map +1 -0
  172. package/dist-browser/cache/entities/AccountEntity.d.ts +45 -0
  173. package/dist-browser/cache/entities/AccountEntity.d.ts.map +1 -0
  174. package/dist-browser/cache/entities/AppMetadataEntity.d.ts +12 -0
  175. package/dist-browser/cache/entities/AppMetadataEntity.d.ts.map +1 -0
  176. package/dist-browser/cache/entities/AuthorityMetadataEntity.d.ts +16 -0
  177. package/dist-browser/cache/entities/AuthorityMetadataEntity.d.ts.map +1 -0
  178. package/dist-browser/cache/entities/CacheRecord.d.ts +14 -0
  179. package/dist-browser/cache/entities/CacheRecord.d.ts.map +1 -0
  180. package/dist-browser/cache/entities/CredentialEntity.d.ts +31 -0
  181. package/dist-browser/cache/entities/CredentialEntity.d.ts.map +1 -0
  182. package/dist-browser/cache/entities/IdTokenEntity.d.ts +9 -0
  183. package/dist-browser/cache/entities/IdTokenEntity.d.ts.map +1 -0
  184. package/dist-browser/cache/entities/RefreshTokenEntity.d.ts +8 -0
  185. package/dist-browser/cache/entities/RefreshTokenEntity.d.ts.map +1 -0
  186. package/dist-browser/cache/entities/ServerTelemetryEntity.d.ts +7 -0
  187. package/dist-browser/cache/entities/ServerTelemetryEntity.d.ts.map +1 -0
  188. package/dist-browser/cache/entities/ThrottlingEntity.d.ts +8 -0
  189. package/dist-browser/cache/entities/ThrottlingEntity.d.ts.map +1 -0
  190. package/dist-browser/cache/interface/ICacheManager.d.ts +188 -0
  191. package/dist-browser/cache/interface/ICacheManager.d.ts.map +1 -0
  192. package/dist-browser/cache/interface/ICachePlugin.d.ts +6 -0
  193. package/dist-browser/cache/interface/ICachePlugin.d.ts.map +1 -0
  194. package/dist-browser/cache/interface/ISerializableTokenCache.d.ts +5 -0
  195. package/dist-browser/cache/interface/ISerializableTokenCache.d.ts.map +1 -0
  196. package/dist-browser/cache/persistence/TokenCacheContext.d.ts +24 -0
  197. package/dist-browser/cache/persistence/TokenCacheContext.d.ts.map +1 -0
  198. package/dist-browser/cache/persistence/TokenCacheContext.mjs +30 -0
  199. package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -0
  200. package/dist-browser/cache/utils/AccountEntityUtils.d.ts +53 -0
  201. package/dist-browser/cache/utils/AccountEntityUtils.d.ts.map +1 -0
  202. package/dist-browser/cache/utils/AccountEntityUtils.mjs +192 -0
  203. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -0
  204. package/dist-browser/cache/utils/CacheHelpers.d.ts +86 -0
  205. package/dist-browser/cache/utils/CacheHelpers.d.ts.map +1 -0
  206. package/dist-browser/cache/utils/CacheHelpers.mjs +267 -0
  207. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -0
  208. package/dist-browser/cache/utils/CacheTypes.d.ts +69 -0
  209. package/dist-browser/cache/utils/CacheTypes.d.ts.map +1 -0
  210. package/dist-browser/client/AuthorizationCodeClient.d.ts +64 -0
  211. package/dist-browser/client/AuthorizationCodeClient.d.ts.map +1 -0
  212. package/dist-browser/client/AuthorizationCodeClient.mjs +287 -0
  213. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -0
  214. package/dist-browser/client/RefreshTokenClient.d.ts +49 -0
  215. package/dist-browser/client/RefreshTokenClient.d.ts.map +1 -0
  216. package/dist-browser/client/RefreshTokenClient.mjs +254 -0
  217. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -0
  218. package/dist-browser/client/SilentFlowClient.d.ts +35 -0
  219. package/dist-browser/client/SilentFlowClient.d.ts.map +1 -0
  220. package/dist-browser/client/SilentFlowClient.mjs +125 -0
  221. package/dist-browser/client/SilentFlowClient.mjs.map +1 -0
  222. package/dist-browser/config/AppTokenProvider.d.ts +39 -0
  223. package/dist-browser/config/AppTokenProvider.d.ts.map +1 -0
  224. package/dist-browser/config/ClientConfiguration.d.ts +143 -0
  225. package/dist-browser/config/ClientConfiguration.d.ts.map +1 -0
  226. package/dist-browser/config/ClientConfiguration.mjs +107 -0
  227. package/dist-browser/config/ClientConfiguration.mjs.map +1 -0
  228. package/dist-browser/constants/AADServerParamKeys.d.ts +59 -0
  229. package/dist-browser/constants/AADServerParamKeys.d.ts.map +1 -0
  230. package/dist-browser/constants/AADServerParamKeys.mjs +67 -0
  231. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -0
  232. package/dist-browser/crypto/ICrypto.d.ts +71 -0
  233. package/dist-browser/crypto/ICrypto.d.ts.map +1 -0
  234. package/dist-browser/crypto/ICrypto.mjs +44 -0
  235. package/dist-browser/crypto/ICrypto.mjs.map +1 -0
  236. package/dist-browser/crypto/IGuidGenerator.d.ts +5 -0
  237. package/dist-browser/crypto/IGuidGenerator.d.ts.map +1 -0
  238. package/dist-browser/crypto/JoseHeader.d.ts +23 -0
  239. package/dist-browser/crypto/JoseHeader.d.ts.map +1 -0
  240. package/dist-browser/crypto/JoseHeader.mjs +46 -0
  241. package/dist-browser/crypto/JoseHeader.mjs.map +1 -0
  242. package/dist-browser/crypto/PopTokenGenerator.d.ts +60 -0
  243. package/dist-browser/crypto/PopTokenGenerator.d.ts.map +1 -0
  244. package/dist-browser/crypto/PopTokenGenerator.mjs +87 -0
  245. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -0
  246. package/dist-browser/crypto/SignedHttpRequest.d.ts +16 -0
  247. package/dist-browser/crypto/SignedHttpRequest.d.ts.map +1 -0
  248. package/dist-browser/error/AuthError.d.ts +33 -0
  249. package/dist-browser/error/AuthError.d.ts.map +1 -0
  250. package/dist-browser/error/AuthError.mjs +34 -0
  251. package/dist-browser/error/AuthError.mjs.map +1 -0
  252. package/dist-browser/error/AuthErrorCodes.d.ts +6 -0
  253. package/dist-browser/error/AuthErrorCodes.d.ts.map +1 -0
  254. package/dist-browser/error/AuthErrorCodes.mjs +14 -0
  255. package/dist-browser/error/AuthErrorCodes.mjs.map +1 -0
  256. package/dist-browser/error/CacheError.d.ts +23 -0
  257. package/dist-browser/error/CacheError.d.ts.map +1 -0
  258. package/dist-browser/error/CacheError.mjs +45 -0
  259. package/dist-browser/error/CacheError.mjs.map +1 -0
  260. package/dist-browser/error/CacheErrorCodes.d.ts +3 -0
  261. package/dist-browser/error/CacheErrorCodes.d.ts.map +1 -0
  262. package/dist-browser/error/CacheErrorCodes.mjs +11 -0
  263. package/dist-browser/error/CacheErrorCodes.mjs.map +1 -0
  264. package/dist-browser/error/ClientAuthError.d.ts +14 -0
  265. package/dist-browser/error/ClientAuthError.d.ts.map +1 -0
  266. package/dist-browser/error/ClientAuthError.mjs +27 -0
  267. package/dist-browser/error/ClientAuthError.mjs.map +1 -0
  268. package/dist-browser/error/ClientAuthErrorCodes.d.ts +38 -0
  269. package/dist-browser/error/ClientAuthErrorCodes.d.ts.map +1 -0
  270. package/dist-browser/error/ClientAuthErrorCodes.mjs +46 -0
  271. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -0
  272. package/dist-browser/error/ClientConfigurationError.d.ts +11 -0
  273. package/dist-browser/error/ClientConfigurationError.d.ts.map +1 -0
  274. package/dist-browser/error/ClientConfigurationError.mjs +24 -0
  275. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -0
  276. package/dist-browser/error/ClientConfigurationErrorCodes.d.ts +23 -0
  277. package/dist-browser/error/ClientConfigurationErrorCodes.d.ts.map +1 -0
  278. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +31 -0
  279. package/dist-browser/error/ClientConfigurationErrorCodes.mjs.map +1 -0
  280. package/dist-browser/error/InteractionRequiredAuthError.d.ts +48 -0
  281. package/dist-browser/error/InteractionRequiredAuthError.d.ts.map +1 -0
  282. package/dist-browser/error/InteractionRequiredAuthError.mjs +73 -0
  283. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -0
  284. package/dist-browser/error/InteractionRequiredAuthErrorCodes.d.ts +9 -0
  285. package/dist-browser/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -0
  286. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +19 -0
  287. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -0
  288. package/dist-browser/error/JoseHeaderError.d.ts +12 -0
  289. package/dist-browser/error/JoseHeaderError.d.ts.map +1 -0
  290. package/dist-browser/error/JoseHeaderError.mjs +25 -0
  291. package/dist-browser/error/JoseHeaderError.mjs.map +1 -0
  292. package/dist-browser/error/JoseHeaderErrorCodes.d.ts +3 -0
  293. package/dist-browser/error/JoseHeaderErrorCodes.d.ts.map +1 -0
  294. package/dist-browser/error/JoseHeaderErrorCodes.mjs +11 -0
  295. package/dist-browser/error/JoseHeaderErrorCodes.mjs.map +1 -0
  296. package/dist-browser/error/NetworkError.d.ts +19 -0
  297. package/dist-browser/error/NetworkError.d.ts.map +1 -0
  298. package/dist-browser/error/NetworkError.mjs +35 -0
  299. package/dist-browser/error/NetworkError.mjs.map +1 -0
  300. package/dist-browser/error/PlatformBrokerError.d.ts +16 -0
  301. package/dist-browser/error/PlatformBrokerError.d.ts.map +1 -0
  302. package/dist-browser/error/PlatformBrokerError.mjs +49 -0
  303. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -0
  304. package/dist-browser/error/ServerError.d.ts +16 -0
  305. package/dist-browser/error/ServerError.d.ts.map +1 -0
  306. package/dist-browser/error/ServerError.mjs +23 -0
  307. package/dist-browser/error/ServerError.mjs.map +1 -0
  308. package/dist-browser/exports-browser-only.d.ts +11 -0
  309. package/dist-browser/exports-browser-only.d.ts.map +1 -0
  310. package/dist-browser/exports-common.d.ts +86 -0
  311. package/dist-browser/exports-common.d.ts.map +1 -0
  312. package/dist-browser/exports-node-only.d.ts +16 -0
  313. package/dist-browser/exports-node-only.d.ts.map +1 -0
  314. package/dist-browser/index-browser.d.ts +7 -0
  315. package/dist-browser/index-browser.d.ts.map +1 -0
  316. package/dist-browser/index-browser.mjs +78 -0
  317. package/dist-browser/index-browser.mjs.map +1 -0
  318. package/dist-browser/index-node.d.ts +7 -0
  319. package/dist-browser/index-node.d.ts.map +1 -0
  320. package/dist-browser/index.d.ts +12 -0
  321. package/dist-browser/index.d.ts.map +1 -0
  322. package/dist-browser/index.mjs +82 -0
  323. package/dist-browser/index.mjs.map +1 -0
  324. package/dist-browser/log-strings-mapping.json +383 -0
  325. package/dist-browser/logger/Logger.d.ts +119 -0
  326. package/dist-browser/logger/Logger.d.ts.map +1 -0
  327. package/dist-browser/logger/Logger.mjs +278 -0
  328. package/dist-browser/logger/Logger.mjs.map +1 -0
  329. package/dist-browser/network/INetworkModule.d.ts +30 -0
  330. package/dist-browser/network/INetworkModule.d.ts.map +1 -0
  331. package/dist-browser/network/INetworkModule.mjs +20 -0
  332. package/dist-browser/network/INetworkModule.mjs.map +1 -0
  333. package/dist-browser/network/NetworkResponse.d.ts +6 -0
  334. package/dist-browser/network/NetworkResponse.d.ts.map +1 -0
  335. package/dist-browser/network/RequestThumbprint.d.ts +22 -0
  336. package/dist-browser/network/RequestThumbprint.d.ts.map +1 -0
  337. package/dist-browser/network/RequestThumbprint.mjs +24 -0
  338. package/dist-browser/network/RequestThumbprint.mjs.map +1 -0
  339. package/dist-browser/network/ThrottlingUtils.d.ts +43 -0
  340. package/dist-browser/network/ThrottlingUtils.d.ts.map +1 -0
  341. package/dist-browser/network/ThrottlingUtils.mjs +92 -0
  342. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -0
  343. package/dist-browser/packageMetadata.d.ts +3 -0
  344. package/dist-browser/packageMetadata.d.ts.map +1 -0
  345. package/dist-browser/packageMetadata.mjs +8 -0
  346. package/dist-browser/packageMetadata.mjs.map +1 -0
  347. package/dist-browser/protocol/Authorize.d.ts +37 -0
  348. package/dist-browser/protocol/Authorize.d.ts.map +1 -0
  349. package/dist-browser/protocol/Authorize.mjs +237 -0
  350. package/dist-browser/protocol/Authorize.mjs.map +1 -0
  351. package/dist-browser/protocol/Token.d.ts +40 -0
  352. package/dist-browser/protocol/Token.d.ts.map +1 -0
  353. package/dist-browser/protocol/Token.mjs +129 -0
  354. package/dist-browser/protocol/Token.mjs.map +1 -0
  355. package/dist-browser/request/AuthenticationHeaderParser.d.ts +20 -0
  356. package/dist-browser/request/AuthenticationHeaderParser.d.ts.map +1 -0
  357. package/dist-browser/request/AuthenticationHeaderParser.mjs +64 -0
  358. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -0
  359. package/dist-browser/request/BaseAuthRequest.d.ts +95 -0
  360. package/dist-browser/request/BaseAuthRequest.d.ts.map +1 -0
  361. package/dist-browser/request/CommonAuthorizationCodeRequest.d.ts +32 -0
  362. package/dist-browser/request/CommonAuthorizationCodeRequest.d.ts.map +1 -0
  363. package/dist-browser/request/CommonAuthorizationUrlRequest.d.ts +71 -0
  364. package/dist-browser/request/CommonAuthorizationUrlRequest.d.ts.map +1 -0
  365. package/dist-browser/request/CommonEndSessionRequest.d.ts +36 -0
  366. package/dist-browser/request/CommonEndSessionRequest.d.ts.map +1 -0
  367. package/dist-browser/request/CommonRefreshTokenRequest.d.ts +24 -0
  368. package/dist-browser/request/CommonRefreshTokenRequest.d.ts.map +1 -0
  369. package/dist-browser/request/CommonSilentFlowRequest.d.ts +24 -0
  370. package/dist-browser/request/CommonSilentFlowRequest.d.ts.map +1 -0
  371. package/dist-browser/request/NativeRequest.d.ts +20 -0
  372. package/dist-browser/request/NativeRequest.d.ts.map +1 -0
  373. package/dist-browser/request/NativeSignOutRequest.d.ts +6 -0
  374. package/dist-browser/request/NativeSignOutRequest.d.ts.map +1 -0
  375. package/dist-browser/request/RequestParameterBuilder.d.ts +217 -0
  376. package/dist-browser/request/RequestParameterBuilder.d.ts.map +1 -0
  377. package/dist-browser/request/RequestParameterBuilder.mjs +410 -0
  378. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -0
  379. package/dist-browser/request/ScopeSet.d.ts +83 -0
  380. package/dist-browser/request/ScopeSet.d.ts.map +1 -0
  381. package/dist-browser/request/ScopeSet.mjs +204 -0
  382. package/dist-browser/request/ScopeSet.mjs.map +1 -0
  383. package/dist-browser/request/StoreInCache.d.ts +9 -0
  384. package/dist-browser/request/StoreInCache.d.ts.map +1 -0
  385. package/dist-browser/response/AuthenticationResult.d.ts +42 -0
  386. package/dist-browser/response/AuthenticationResult.d.ts.map +1 -0
  387. package/dist-browser/response/AuthorizationCodePayload.d.ts +14 -0
  388. package/dist-browser/response/AuthorizationCodePayload.d.ts.map +1 -0
  389. package/dist-browser/response/AuthorizeResponse.d.ts +76 -0
  390. package/dist-browser/response/AuthorizeResponse.d.ts.map +1 -0
  391. package/dist-browser/response/DeviceCodeResponse.d.ts +26 -0
  392. package/dist-browser/response/DeviceCodeResponse.d.ts.map +1 -0
  393. package/dist-browser/response/ExternalTokenResponse.d.ts +16 -0
  394. package/dist-browser/response/ExternalTokenResponse.d.ts.map +1 -0
  395. package/dist-browser/response/IMDSBadResponse.d.ts +5 -0
  396. package/dist-browser/response/IMDSBadResponse.d.ts.map +1 -0
  397. package/dist-browser/response/ResponseHandler.d.ts +63 -0
  398. package/dist-browser/response/ResponseHandler.d.ts.map +1 -0
  399. package/dist-browser/response/ResponseHandler.mjs +349 -0
  400. package/dist-browser/response/ResponseHandler.mjs.map +1 -0
  401. package/dist-browser/response/ServerAuthorizationTokenResponse.d.ts +48 -0
  402. package/dist-browser/response/ServerAuthorizationTokenResponse.d.ts.map +1 -0
  403. package/dist-browser/telemetry/performance/IPerformanceClient.d.ts +30 -0
  404. package/dist-browser/telemetry/performance/IPerformanceClient.d.ts.map +1 -0
  405. package/dist-browser/telemetry/performance/IPerformanceMeasurement.d.ts +6 -0
  406. package/dist-browser/telemetry/performance/IPerformanceMeasurement.d.ts.map +1 -0
  407. package/dist-browser/telemetry/performance/PerformanceClient.d.ts +170 -0
  408. package/dist-browser/telemetry/performance/PerformanceClient.d.ts.map +1 -0
  409. package/dist-browser/telemetry/performance/PerformanceClient.mjs +490 -0
  410. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -0
  411. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +286 -0
  412. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -0
  413. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +45 -0
  414. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -0
  415. package/dist-browser/telemetry/performance/PerformanceEvents.d.ts +66 -0
  416. package/dist-browser/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
  417. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +74 -0
  418. package/dist-browser/telemetry/performance/PerformanceEvents.mjs.map +1 -0
  419. package/dist-browser/telemetry/performance/StubPerformanceClient.d.ts +21 -0
  420. package/dist-browser/telemetry/performance/StubPerformanceClient.d.ts.map +1 -0
  421. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +59 -0
  422. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -0
  423. package/dist-browser/telemetry/server/ServerTelemetryManager.d.ts +79 -0
  424. package/dist-browser/telemetry/server/ServerTelemetryManager.d.ts.map +1 -0
  425. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +266 -0
  426. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -0
  427. package/dist-browser/telemetry/server/ServerTelemetryRequest.d.ts +9 -0
  428. package/dist-browser/telemetry/server/ServerTelemetryRequest.d.ts.map +1 -0
  429. package/dist-browser/url/IUri.d.ts +13 -0
  430. package/dist-browser/url/IUri.d.ts.map +1 -0
  431. package/dist-browser/url/UrlString.d.ts +44 -0
  432. package/dist-browser/url/UrlString.d.ts.map +1 -0
  433. package/dist-browser/url/UrlString.mjs +164 -0
  434. package/dist-browser/url/UrlString.mjs.map +1 -0
  435. package/dist-browser/utils/ClientAssertionUtils.d.ts +3 -0
  436. package/dist-browser/utils/ClientAssertionUtils.d.ts.map +1 -0
  437. package/dist-browser/utils/ClientAssertionUtils.mjs +21 -0
  438. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -0
  439. package/dist-browser/utils/Constants.d.ts +283 -0
  440. package/dist-browser/utils/Constants.d.ts.map +1 -0
  441. package/dist-browser/utils/Constants.mjs +298 -0
  442. package/dist-browser/utils/Constants.mjs.map +1 -0
  443. package/dist-browser/utils/FunctionWrappers.d.ts +28 -0
  444. package/dist-browser/utils/FunctionWrappers.d.ts.map +1 -0
  445. package/dist-browser/utils/FunctionWrappers.mjs +98 -0
  446. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -0
  447. package/dist-browser/utils/MsalTypes.d.ts +7 -0
  448. package/dist-browser/utils/MsalTypes.d.ts.map +1 -0
  449. package/dist-browser/utils/ProtocolUtils.d.ts +22 -0
  450. package/dist-browser/utils/ProtocolUtils.d.ts.map +1 -0
  451. package/dist-browser/utils/ProtocolUtils.mjs +74 -0
  452. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -0
  453. package/dist-browser/utils/StateTypes.d.ts +15 -0
  454. package/dist-browser/utils/StateTypes.d.ts.map +1 -0
  455. package/dist-browser/utils/StringUtils.d.ts +41 -0
  456. package/dist-browser/utils/StringUtils.d.ts.map +1 -0
  457. package/dist-browser/utils/StringUtils.mjs +100 -0
  458. package/dist-browser/utils/StringUtils.mjs.map +1 -0
  459. package/dist-browser/utils/TimeUtils.d.ts +43 -0
  460. package/dist-browser/utils/TimeUtils.d.ts.map +1 -0
  461. package/dist-browser/utils/TimeUtils.mjs +76 -0
  462. package/dist-browser/utils/TimeUtils.mjs.map +1 -0
  463. package/dist-browser/utils/UrlUtils.d.ts +23 -0
  464. package/dist-browser/utils/UrlUtils.d.ts.map +1 -0
  465. package/dist-browser/utils/UrlUtils.mjs +115 -0
  466. package/dist-browser/utils/UrlUtils.mjs.map +1 -0
  467. package/lib/index-browser.cjs +2 -2
  468. package/lib/{index-node-B7mR4APO.js → index-node-A5mPbLhz.js} +14 -9
  469. package/lib/{index-node-B7mR4APO.js.map → index-node-A5mPbLhz.js.map} +1 -1
  470. package/lib/index-node.cjs +2 -2
  471. package/lib/index.cjs +2 -2
  472. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  473. package/lib/types/packageMetadata.d.ts +1 -1
  474. package/lib/types/packageMetadata.d.ts.map +1 -1
  475. package/lib/types/request/BaseAuthRequest.d.ts +63 -20
  476. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  477. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +18 -13
  478. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  479. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +48 -27
  480. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  481. package/lib/types/request/CommonEndSessionRequest.d.ts +21 -7
  482. package/lib/types/request/CommonEndSessionRequest.d.ts.map +1 -1
  483. package/lib/types/request/CommonRefreshTokenRequest.d.ts +12 -10
  484. package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  485. package/lib/types/request/CommonSilentFlowRequest.d.ts +12 -14
  486. package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
  487. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  488. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +3 -1
  489. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  490. package/package.json +5 -3
  491. package/src/client/RefreshTokenClient.ts +13 -16
  492. package/src/packageMetadata.ts +1 -1
  493. package/src/request/BaseAuthRequest.ts +63 -20
  494. package/src/request/CommonAuthorizationCodeRequest.ts +18 -13
  495. package/src/request/CommonAuthorizationUrlRequest.ts +48 -27
  496. package/src/request/CommonEndSessionRequest.ts +21 -7
  497. package/src/request/CommonRefreshTokenRequest.ts +12 -10
  498. package/src/request/CommonSilentFlowRequest.ts +12 -14
  499. package/src/response/ResponseHandler.ts +5 -0
  500. package/src/telemetry/performance/PerformanceEvent.ts +3 -1
@@ -0,0 +1,1111 @@
1
+ /*! @azure/msal-common v16.0.2 2026-01-17 */
2
+ 'use strict';
3
+ import { CredentialType, AuthenticationScheme, THE_FAMILY_ID, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY } from '../utils/Constants.mjs';
4
+ import { ScopeSet } from '../request/ScopeSet.mjs';
5
+ import { createClientAuthError } from '../error/ClientAuthError.mjs';
6
+ import { updateAccountTenantProfileData } from '../account/AccountInfo.mjs';
7
+ import { extractTokenClaims } from '../account/AuthToken.mjs';
8
+ import { name, version } from '../packageMetadata.mjs';
9
+ import { getAliasesFromStaticSources } from '../authority/AuthorityMetadata.mjs';
10
+ import { createCacheError } from '../error/CacheError.mjs';
11
+ import { getAccountInfo } from './utils/AccountEntityUtils.mjs';
12
+ import { AuthError } from '../error/AuthError.mjs';
13
+ import { invalidCacheRecord, multipleMatchingAppMetadata, methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';
14
+
15
+ /*
16
+ * Copyright (c) Microsoft Corporation. All rights reserved.
17
+ * Licensed under the MIT License.
18
+ */
19
+ /**
20
+ * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.
21
+ * @internal
22
+ */
23
+ class CacheManager {
24
+ constructor(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions) {
25
+ this.clientId = clientId;
26
+ this.cryptoImpl = cryptoImpl;
27
+ this.commonLogger = logger.clone(name, version);
28
+ this.staticAuthorityOptions = staticAuthorityOptions;
29
+ this.performanceClient = performanceClient;
30
+ }
31
+ /**
32
+ * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
33
+ * @param accountFilter - (Optional) filter to narrow down the accounts returned
34
+ * @returns Array of AccountInfo objects in cache
35
+ */
36
+ getAllAccounts(accountFilter = {}, correlationId) {
37
+ return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter, correlationId), correlationId, accountFilter);
38
+ }
39
+ /**
40
+ * Gets first tenanted AccountInfo object found based on provided filters
41
+ */
42
+ getAccountInfoFilteredBy(accountFilter, correlationId) {
43
+ const allAccounts = this.getAllAccounts(accountFilter, correlationId);
44
+ if (allAccounts.length > 1) {
45
+ // If one or more accounts are found, prioritize accounts that have an ID token
46
+ const sortedAccounts = allAccounts.sort((account) => {
47
+ return account.idTokenClaims ? -1 : 1;
48
+ });
49
+ return sortedAccounts[0];
50
+ }
51
+ else if (allAccounts.length === 1) {
52
+ // If only one account is found, return it regardless of whether a matching ID token was found
53
+ return allAccounts[0];
54
+ }
55
+ else {
56
+ return null;
57
+ }
58
+ }
59
+ /**
60
+ * Returns a single matching
61
+ * @param accountFilter
62
+ * @returns
63
+ */
64
+ getBaseAccountInfo(accountFilter, correlationId) {
65
+ const accountEntities = this.getAccountsFilteredBy(accountFilter, correlationId);
66
+ if (accountEntities.length > 0) {
67
+ return getAccountInfo(accountEntities[0]);
68
+ }
69
+ else {
70
+ return null;
71
+ }
72
+ }
73
+ /**
74
+ * Matches filtered account entities with cached ID tokens that match the tenant profile-specific account filters
75
+ * and builds the account info objects from the matching ID token's claims
76
+ * @param cachedAccounts
77
+ * @param accountFilter
78
+ * @returns Array of AccountInfo objects that match account and tenant profile filters
79
+ */
80
+ buildTenantProfiles(cachedAccounts, correlationId, accountFilter) {
81
+ return cachedAccounts.flatMap((accountEntity) => {
82
+ return this.getTenantProfilesFromAccountEntity(accountEntity, correlationId, accountFilter?.tenantId, accountFilter);
83
+ });
84
+ }
85
+ getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter) {
86
+ let tenantedAccountInfo = null;
87
+ let idTokenClaims;
88
+ if (tenantProfileFilter) {
89
+ if (!this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter)) {
90
+ return null;
91
+ }
92
+ }
93
+ const idToken = this.getIdToken(accountInfo, correlationId, tokenKeys, tenantProfile.tenantId);
94
+ if (idToken) {
95
+ idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode);
96
+ if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) {
97
+ // ID token sourced claims don't match so this tenant profile is not a match
98
+ return null;
99
+ }
100
+ }
101
+ // Expand tenant profile into account info based on matching tenant profile and if available matching ID token claims
102
+ tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret);
103
+ return tenantedAccountInfo;
104
+ }
105
+ getTenantProfilesFromAccountEntity(accountEntity, correlationId, targetTenantId, tenantProfileFilter) {
106
+ const accountInfo = getAccountInfo(accountEntity);
107
+ let searchTenantProfiles = accountInfo.tenantProfiles || new Map();
108
+ const tokenKeys = this.getTokenKeys();
109
+ // If a tenant ID was provided, only return the tenant profile for that tenant ID if it exists
110
+ if (targetTenantId) {
111
+ const tenantProfile = searchTenantProfiles.get(targetTenantId);
112
+ if (tenantProfile) {
113
+ // Reduce search field to just this tenant profile
114
+ searchTenantProfiles = new Map([
115
+ [targetTenantId, tenantProfile],
116
+ ]);
117
+ }
118
+ else {
119
+ // No tenant profile for search tenant ID, return empty array
120
+ return [];
121
+ }
122
+ }
123
+ const matchingTenantProfiles = [];
124
+ searchTenantProfiles.forEach((tenantProfile) => {
125
+ const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter);
126
+ if (tenantedAccountInfo) {
127
+ matchingTenantProfiles.push(tenantedAccountInfo);
128
+ }
129
+ });
130
+ return matchingTenantProfiles;
131
+ }
132
+ tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter) {
133
+ if (!!tenantProfileFilter.localAccountId &&
134
+ !this.matchLocalAccountIdFromTenantProfile(tenantProfile, tenantProfileFilter.localAccountId)) {
135
+ return false;
136
+ }
137
+ if (!!tenantProfileFilter.name &&
138
+ !(tenantProfile.name === tenantProfileFilter.name)) {
139
+ return false;
140
+ }
141
+ if (tenantProfileFilter.isHomeTenant !== undefined &&
142
+ !(tenantProfile.isHomeTenant === tenantProfileFilter.isHomeTenant)) {
143
+ return false;
144
+ }
145
+ return true;
146
+ }
147
+ idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter) {
148
+ // Tenant Profile filtering
149
+ if (tenantProfileFilter) {
150
+ if (!!tenantProfileFilter.localAccountId &&
151
+ !this.matchLocalAccountIdFromTokenClaims(idTokenClaims, tenantProfileFilter.localAccountId)) {
152
+ return false;
153
+ }
154
+ if (!!tenantProfileFilter.loginHint &&
155
+ !this.matchLoginHintFromTokenClaims(idTokenClaims, tenantProfileFilter.loginHint)) {
156
+ return false;
157
+ }
158
+ if (!!tenantProfileFilter.username &&
159
+ !this.matchUsername(idTokenClaims.preferred_username, tenantProfileFilter.username)) {
160
+ return false;
161
+ }
162
+ if (!!tenantProfileFilter.name &&
163
+ !this.matchName(idTokenClaims, tenantProfileFilter.name)) {
164
+ return false;
165
+ }
166
+ if (!!tenantProfileFilter.sid &&
167
+ !this.matchSid(idTokenClaims, tenantProfileFilter.sid)) {
168
+ return false;
169
+ }
170
+ }
171
+ return true;
172
+ }
173
+ /**
174
+ * saves a cache record
175
+ * @param cacheRecord {CacheRecord}
176
+ * @param storeInCache {?StoreInCache}
177
+ * @param correlationId {?string} correlation id
178
+ */
179
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
180
+ if (!cacheRecord) {
181
+ throw createClientAuthError(invalidCacheRecord);
182
+ }
183
+ try {
184
+ if (!!cacheRecord.account) {
185
+ await this.setAccount(cacheRecord.account, correlationId, kmsi);
186
+ }
187
+ if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
188
+ await this.setIdTokenCredential(cacheRecord.idToken, correlationId, kmsi);
189
+ }
190
+ if (!!cacheRecord.accessToken &&
191
+ storeInCache?.accessToken !== false) {
192
+ await this.saveAccessToken(cacheRecord.accessToken, correlationId, kmsi);
193
+ }
194
+ if (!!cacheRecord.refreshToken &&
195
+ storeInCache?.refreshToken !== false) {
196
+ await this.setRefreshTokenCredential(cacheRecord.refreshToken, correlationId, kmsi);
197
+ }
198
+ if (!!cacheRecord.appMetadata) {
199
+ this.setAppMetadata(cacheRecord.appMetadata, correlationId);
200
+ }
201
+ }
202
+ catch (e) {
203
+ this.commonLogger?.error("0j476p", correlationId);
204
+ if (e instanceof AuthError) {
205
+ throw e;
206
+ }
207
+ else {
208
+ throw createCacheError(e);
209
+ }
210
+ }
211
+ }
212
+ /**
213
+ * saves access token credential
214
+ * @param credential
215
+ */
216
+ async saveAccessToken(credential, correlationId, kmsi) {
217
+ const accessTokenFilter = {
218
+ clientId: credential.clientId,
219
+ credentialType: credential.credentialType,
220
+ environment: credential.environment,
221
+ homeAccountId: credential.homeAccountId,
222
+ realm: credential.realm,
223
+ tokenType: credential.tokenType,
224
+ };
225
+ const tokenKeys = this.getTokenKeys();
226
+ const currentScopes = ScopeSet.fromString(credential.target);
227
+ tokenKeys.accessToken.forEach((key) => {
228
+ if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
229
+ return;
230
+ }
231
+ const tokenEntity = this.getAccessTokenCredential(key, correlationId);
232
+ if (tokenEntity &&
233
+ this.credentialMatchesFilter(tokenEntity, accessTokenFilter, correlationId)) {
234
+ const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
235
+ if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
236
+ this.removeAccessToken(key, correlationId);
237
+ }
238
+ }
239
+ });
240
+ await this.setAccessTokenCredential(credential, correlationId, kmsi);
241
+ }
242
+ /**
243
+ * Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache
244
+ * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
245
+ * @param accountFilter - An object containing Account properties to filter by
246
+ */
247
+ getAccountsFilteredBy(accountFilter, correlationId) {
248
+ const allAccountKeys = this.getAccountKeys();
249
+ const matchingAccounts = [];
250
+ allAccountKeys.forEach((cacheKey) => {
251
+ const entity = this.getAccount(cacheKey, correlationId);
252
+ // Match base account fields
253
+ if (!entity) {
254
+ return;
255
+ }
256
+ if (!!accountFilter.homeAccountId &&
257
+ !this.matchHomeAccountId(entity, accountFilter.homeAccountId)) {
258
+ return;
259
+ }
260
+ if (!!accountFilter.username &&
261
+ !this.matchUsername(entity.username, accountFilter.username)) {
262
+ return;
263
+ }
264
+ if (!!accountFilter.environment &&
265
+ !this.matchEnvironment(entity, accountFilter.environment, correlationId)) {
266
+ return;
267
+ }
268
+ if (!!accountFilter.realm &&
269
+ !this.matchRealm(entity, accountFilter.realm)) {
270
+ return;
271
+ }
272
+ if (!!accountFilter.nativeAccountId &&
273
+ !this.matchNativeAccountId(entity, accountFilter.nativeAccountId)) {
274
+ return;
275
+ }
276
+ if (!!accountFilter.authorityType &&
277
+ !this.matchAuthorityType(entity, accountFilter.authorityType)) {
278
+ return;
279
+ }
280
+ // If at least one tenant profile matches the tenant profile filter, add the account to the list of matching accounts
281
+ const tenantProfileFilter = {
282
+ localAccountId: accountFilter?.localAccountId,
283
+ name: accountFilter?.name,
284
+ };
285
+ const matchingTenantProfiles = entity.tenantProfiles?.filter((tenantProfile) => {
286
+ return this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter);
287
+ });
288
+ if (matchingTenantProfiles && matchingTenantProfiles.length === 0) {
289
+ // No tenant profile for this account matches filter, don't add to list of matching accounts
290
+ return;
291
+ }
292
+ matchingAccounts.push(entity);
293
+ });
294
+ return matchingAccounts;
295
+ }
296
+ /**
297
+ * Returns whether or not the given credential entity matches the filter
298
+ * @param entity
299
+ * @param filter
300
+ * @param correlationId
301
+ * @returns
302
+ */
303
+ credentialMatchesFilter(entity, filter, correlationId) {
304
+ if (!!filter.clientId && !this.matchClientId(entity, filter.clientId)) {
305
+ return false;
306
+ }
307
+ if (!!filter.userAssertionHash &&
308
+ !this.matchUserAssertionHash(entity, filter.userAssertionHash)) {
309
+ return false;
310
+ }
311
+ /*
312
+ * homeAccountId can be undefined, and we want to filter out cached items that have a homeAccountId of ""
313
+ * because we don't want a client_credential request to return a cached token that has a homeAccountId
314
+ */
315
+ if (typeof filter.homeAccountId === "string" &&
316
+ !this.matchHomeAccountId(entity, filter.homeAccountId)) {
317
+ return false;
318
+ }
319
+ if (!!filter.environment &&
320
+ !this.matchEnvironment(entity, filter.environment, correlationId)) {
321
+ return false;
322
+ }
323
+ if (!!filter.realm && !this.matchRealm(entity, filter.realm)) {
324
+ return false;
325
+ }
326
+ if (!!filter.credentialType &&
327
+ !this.matchCredentialType(entity, filter.credentialType)) {
328
+ return false;
329
+ }
330
+ if (!!filter.familyId && !this.matchFamilyId(entity, filter.familyId)) {
331
+ return false;
332
+ }
333
+ /*
334
+ * idTokens do not have "target", target specific refreshTokens do exist for some types of authentication
335
+ * Resource specific refresh tokens case will be added when the support is deemed necessary
336
+ */
337
+ if (!!filter.target && !this.matchTarget(entity, filter.target)) {
338
+ return false;
339
+ }
340
+ // Access Token with Auth Scheme specific matching
341
+ if (entity.credentialType ===
342
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) {
343
+ if (!!filter.tokenType &&
344
+ !this.matchTokenType(entity, filter.tokenType)) {
345
+ return false;
346
+ }
347
+ // KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key
348
+ if (filter.tokenType === AuthenticationScheme.SSH) {
349
+ if (filter.keyId && !this.matchKeyId(entity, filter.keyId)) {
350
+ return false;
351
+ }
352
+ }
353
+ }
354
+ return true;
355
+ }
356
+ /**
357
+ * retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata
358
+ * @param filter
359
+ * @param correlationId
360
+ */
361
+ getAppMetadataFilteredBy(filter, correlationId) {
362
+ const allCacheKeys = this.getKeys();
363
+ const matchingAppMetadata = {};
364
+ allCacheKeys.forEach((cacheKey) => {
365
+ // don't parse any non-appMetadata type cache entities
366
+ if (!this.isAppMetadata(cacheKey)) {
367
+ return;
368
+ }
369
+ // Attempt retrieval
370
+ const entity = this.getAppMetadata(cacheKey, correlationId);
371
+ if (!entity) {
372
+ return;
373
+ }
374
+ if (!!filter.environment &&
375
+ !this.matchEnvironment(entity, filter.environment, correlationId)) {
376
+ return;
377
+ }
378
+ if (!!filter.clientId &&
379
+ !this.matchClientId(entity, filter.clientId)) {
380
+ return;
381
+ }
382
+ matchingAppMetadata[cacheKey] = entity;
383
+ });
384
+ return matchingAppMetadata;
385
+ }
386
+ /**
387
+ * retrieve authorityMetadata that contains a matching alias
388
+ * @param host
389
+ * @param correlationId
390
+ */
391
+ getAuthorityMetadataByAlias(host, correlationId) {
392
+ const allCacheKeys = this.getAuthorityMetadataKeys();
393
+ let matchedEntity = null;
394
+ allCacheKeys.forEach((cacheKey) => {
395
+ // don't parse any non-authorityMetadata type cache entities
396
+ if (!this.isAuthorityMetadata(cacheKey) ||
397
+ cacheKey.indexOf(this.clientId) === -1) {
398
+ return;
399
+ }
400
+ // Attempt retrieval
401
+ const entity = this.getAuthorityMetadata(cacheKey, correlationId);
402
+ if (!entity) {
403
+ return;
404
+ }
405
+ if (entity.aliases.indexOf(host) === -1) {
406
+ return;
407
+ }
408
+ matchedEntity = entity;
409
+ });
410
+ return matchedEntity;
411
+ }
412
+ /**
413
+ * Removes all accounts and related tokens from cache.
414
+ */
415
+ removeAllAccounts(correlationId) {
416
+ const accounts = this.getAllAccounts({}, correlationId);
417
+ accounts.forEach((account) => {
418
+ this.removeAccount(account, correlationId);
419
+ });
420
+ }
421
+ /**
422
+ * Removes the account and related tokens for a given account key
423
+ * @param account
424
+ */
425
+ removeAccount(account, correlationId) {
426
+ this.removeAccountContext(account, correlationId);
427
+ const accountKeys = this.getAccountKeys();
428
+ const keyFilter = (key) => {
429
+ return (key.includes(account.homeAccountId) &&
430
+ key.includes(account.environment));
431
+ };
432
+ accountKeys.filter(keyFilter).forEach((key) => {
433
+ this.removeItem(key, correlationId);
434
+ this.performanceClient.incrementFields({ accountsRemoved: 1 }, correlationId);
435
+ });
436
+ }
437
+ /**
438
+ * Removes credentials associated with the provided account
439
+ * @param account
440
+ */
441
+ removeAccountContext(account, correlationId) {
442
+ const allTokenKeys = this.getTokenKeys();
443
+ const keyFilter = (key) => {
444
+ return (key.includes(account.homeAccountId) &&
445
+ key.includes(account.environment));
446
+ };
447
+ allTokenKeys.idToken.filter(keyFilter).forEach((key) => {
448
+ this.removeIdToken(key, correlationId);
449
+ });
450
+ allTokenKeys.accessToken.filter(keyFilter).forEach((key) => {
451
+ this.removeAccessToken(key, correlationId);
452
+ });
453
+ allTokenKeys.refreshToken.filter(keyFilter).forEach((key) => {
454
+ this.removeRefreshToken(key, correlationId);
455
+ });
456
+ }
457
+ /**
458
+ * returns a boolean if the given credential is removed
459
+ * @param key
460
+ * @param correlationId
461
+ */
462
+ removeAccessToken(key, correlationId) {
463
+ const credential = this.getAccessTokenCredential(key, correlationId);
464
+ if (!credential) {
465
+ return;
466
+ }
467
+ this.removeItem(key, correlationId);
468
+ this.performanceClient.incrementFields({ accessTokensRemoved: 1 }, correlationId);
469
+ // Remove Token Binding Key from key store for PoP Tokens Credentials
470
+ if (credential.credentialType.toLowerCase() ===
471
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {
472
+ if (credential.tokenType === AuthenticationScheme.POP) {
473
+ const accessTokenWithAuthSchemeEntity = credential;
474
+ const kid = accessTokenWithAuthSchemeEntity.keyId;
475
+ if (kid) {
476
+ void this.cryptoImpl
477
+ .removeTokenBindingKey(kid, correlationId)
478
+ .catch(() => {
479
+ this.commonLogger.error("0cx291", correlationId);
480
+ this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
481
+ });
482
+ }
483
+ }
484
+ }
485
+ }
486
+ /**
487
+ * Removes all app metadata objects from cache.
488
+ */
489
+ removeAppMetadata(correlationId) {
490
+ const allCacheKeys = this.getKeys();
491
+ allCacheKeys.forEach((cacheKey) => {
492
+ if (this.isAppMetadata(cacheKey)) {
493
+ this.removeItem(cacheKey, correlationId);
494
+ }
495
+ });
496
+ return true;
497
+ }
498
+ /**
499
+ * Retrieve IdTokenEntity from cache
500
+ * @param account {AccountInfo}
501
+ * @param tokenKeys {?TokenKeys}
502
+ * @param targetRealm {?string}
503
+ * @param performanceClient {?IPerformanceClient}
504
+ * @param correlationId {?string}
505
+ */
506
+ getIdToken(account, correlationId, tokenKeys, targetRealm) {
507
+ this.commonLogger.trace("1drz22", correlationId);
508
+ const idTokenFilter = {
509
+ homeAccountId: account.homeAccountId,
510
+ environment: account.environment,
511
+ credentialType: CredentialType.ID_TOKEN,
512
+ clientId: this.clientId,
513
+ realm: targetRealm,
514
+ };
515
+ const idTokenMap = this.getIdTokensByFilter(idTokenFilter, correlationId, tokenKeys);
516
+ const numIdTokens = idTokenMap.size;
517
+ if (numIdTokens < 1) {
518
+ this.commonLogger.info("1atvtd", correlationId);
519
+ return null;
520
+ }
521
+ else if (numIdTokens > 1) {
522
+ let tokensToBeRemoved = idTokenMap;
523
+ // Multiple tenant profiles and no tenant specified, pick home account
524
+ if (!targetRealm) {
525
+ const homeIdTokenMap = new Map();
526
+ idTokenMap.forEach((idToken, key) => {
527
+ if (idToken.realm === account.tenantId) {
528
+ homeIdTokenMap.set(key, idToken);
529
+ }
530
+ });
531
+ const numHomeIdTokens = homeIdTokenMap.size;
532
+ if (numHomeIdTokens < 1) {
533
+ this.commonLogger.info("0ooalx", correlationId);
534
+ return idTokenMap.values().next().value;
535
+ }
536
+ else if (numHomeIdTokens === 1) {
537
+ this.commonLogger.info("1eq2vc", correlationId);
538
+ return homeIdTokenMap.values().next().value;
539
+ }
540
+ else {
541
+ // Multiple ID tokens for home tenant profile, remove all and return null
542
+ tokensToBeRemoved = homeIdTokenMap;
543
+ }
544
+ }
545
+ // Multiple tokens for a single tenant profile, remove all and return null
546
+ this.commonLogger.info("1ws328", correlationId);
547
+ tokensToBeRemoved.forEach((idToken, key) => {
548
+ this.removeIdToken(key, correlationId);
549
+ });
550
+ this.performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId);
551
+ return null;
552
+ }
553
+ this.commonLogger.info("1sm769", correlationId);
554
+ return idTokenMap.values().next().value;
555
+ }
556
+ /**
557
+ * Gets all idTokens matching the given filter
558
+ * @param filter
559
+ * @returns
560
+ */
561
+ getIdTokensByFilter(filter, correlationId, tokenKeys) {
562
+ const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken;
563
+ const idTokens = new Map();
564
+ idTokenKeys.forEach((key) => {
565
+ if (!this.idTokenKeyMatchesFilter(key, {
566
+ clientId: this.clientId,
567
+ ...filter,
568
+ })) {
569
+ return;
570
+ }
571
+ const idToken = this.getIdTokenCredential(key, correlationId);
572
+ if (idToken &&
573
+ this.credentialMatchesFilter(idToken, filter, correlationId)) {
574
+ idTokens.set(key, idToken);
575
+ }
576
+ });
577
+ return idTokens;
578
+ }
579
+ /**
580
+ * Validate the cache key against filter before retrieving and parsing cache value
581
+ * @param key
582
+ * @param filter
583
+ * @returns
584
+ */
585
+ idTokenKeyMatchesFilter(inputKey, filter) {
586
+ const key = inputKey.toLowerCase();
587
+ if (filter.clientId &&
588
+ key.indexOf(filter.clientId.toLowerCase()) === -1) {
589
+ return false;
590
+ }
591
+ if (filter.homeAccountId &&
592
+ key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {
593
+ return false;
594
+ }
595
+ return true;
596
+ }
597
+ /**
598
+ * Removes idToken from the cache
599
+ * @param key
600
+ */
601
+ removeIdToken(key, correlationId) {
602
+ this.removeItem(key, correlationId);
603
+ }
604
+ /**
605
+ * Removes refresh token from the cache
606
+ * @param key
607
+ */
608
+ removeRefreshToken(key, correlationId) {
609
+ this.removeItem(key, correlationId);
610
+ }
611
+ /**
612
+ * Retrieve AccessTokenEntity from cache
613
+ * @param account {AccountInfo}
614
+ * @param request {BaseAuthRequest}
615
+ * @param tokenKeys {?TokenKeys}
616
+ * @param performanceClient {?IPerformanceClient}
617
+ */
618
+ getAccessToken(account, request, tokenKeys, targetRealm) {
619
+ const correlationId = request.correlationId;
620
+ this.commonLogger.trace("1t7hz1", correlationId);
621
+ const scopes = ScopeSet.createSearchScopes(request.scopes);
622
+ const authScheme = request.authenticationScheme ||
623
+ AuthenticationScheme.BEARER;
624
+ /*
625
+ * Distinguish between Bearer and PoP/SSH token cache types
626
+ * Cast to lowercase to handle "bearer" from ADFS
627
+ */
628
+ const credentialType = authScheme &&
629
+ authScheme.toLowerCase() !==
630
+ AuthenticationScheme.BEARER.toLowerCase()
631
+ ? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME
632
+ : CredentialType.ACCESS_TOKEN;
633
+ const accessTokenFilter = {
634
+ homeAccountId: account.homeAccountId,
635
+ environment: account.environment,
636
+ credentialType: credentialType,
637
+ clientId: this.clientId,
638
+ realm: targetRealm || account.tenantId,
639
+ target: scopes,
640
+ tokenType: authScheme,
641
+ keyId: request.sshKid,
642
+ };
643
+ const accessTokenKeys = (tokenKeys && tokenKeys.accessToken) ||
644
+ this.getTokenKeys().accessToken;
645
+ const accessTokens = [];
646
+ accessTokenKeys.forEach((key) => {
647
+ // Validate key
648
+ if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) {
649
+ const accessToken = this.getAccessTokenCredential(key, correlationId);
650
+ // Validate value
651
+ if (accessToken &&
652
+ this.credentialMatchesFilter(accessToken, accessTokenFilter, correlationId)) {
653
+ accessTokens.push(accessToken);
654
+ }
655
+ }
656
+ });
657
+ const numAccessTokens = accessTokens.length;
658
+ if (numAccessTokens < 1) {
659
+ this.commonLogger.info("1nckna", correlationId);
660
+ return null;
661
+ }
662
+ else if (numAccessTokens > 1) {
663
+ this.commonLogger.info("1wkfwp", correlationId);
664
+ accessTokens.forEach((accessToken) => {
665
+ this.removeAccessToken(this.generateCredentialKey(accessToken), correlationId);
666
+ });
667
+ this.performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
668
+ return null;
669
+ }
670
+ this.commonLogger.info("06yt98", correlationId);
671
+ return accessTokens[0];
672
+ }
673
+ /**
674
+ * Validate the cache key against filter before retrieving and parsing cache value
675
+ * @param key
676
+ * @param filter
677
+ * @param keyMustContainAllScopes
678
+ * @returns
679
+ */
680
+ accessTokenKeyMatchesFilter(inputKey, filter, keyMustContainAllScopes) {
681
+ const key = inputKey.toLowerCase();
682
+ if (filter.clientId &&
683
+ key.indexOf(filter.clientId.toLowerCase()) === -1) {
684
+ return false;
685
+ }
686
+ if (filter.homeAccountId &&
687
+ key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {
688
+ return false;
689
+ }
690
+ if (filter.realm && key.indexOf(filter.realm.toLowerCase()) === -1) {
691
+ return false;
692
+ }
693
+ if (filter.target) {
694
+ const scopes = filter.target.asArray();
695
+ for (let i = 0; i < scopes.length; i++) {
696
+ if (keyMustContainAllScopes &&
697
+ !key.includes(scopes[i].toLowerCase())) {
698
+ // When performing a cache lookup a missing scope would be a cache miss
699
+ return false;
700
+ }
701
+ else if (!keyMustContainAllScopes &&
702
+ key.includes(scopes[i].toLowerCase())) {
703
+ // When performing a cache write, any token with a subset of requested scopes should be replaced
704
+ return true;
705
+ }
706
+ }
707
+ }
708
+ return true;
709
+ }
710
+ /**
711
+ * Gets all access tokens matching the filter
712
+ * @param filter
713
+ * @returns
714
+ */
715
+ getAccessTokensByFilter(filter, correlationId) {
716
+ const tokenKeys = this.getTokenKeys();
717
+ const accessTokens = [];
718
+ tokenKeys.accessToken.forEach((key) => {
719
+ if (!this.accessTokenKeyMatchesFilter(key, filter, true)) {
720
+ return;
721
+ }
722
+ const accessToken = this.getAccessTokenCredential(key, correlationId);
723
+ if (accessToken &&
724
+ this.credentialMatchesFilter(accessToken, filter, correlationId)) {
725
+ accessTokens.push(accessToken);
726
+ }
727
+ });
728
+ return accessTokens;
729
+ }
730
+ /**
731
+ * Helper to retrieve the appropriate refresh token from cache
732
+ * @param account {AccountInfo}
733
+ * @param familyRT {boolean}
734
+ * @param tokenKeys {?TokenKeys}
735
+ * @param performanceClient {?IPerformanceClient}
736
+ * @param correlationId {?string}
737
+ */
738
+ getRefreshToken(account, familyRT, correlationId, tokenKeys) {
739
+ this.commonLogger.trace("0x53vi", correlationId);
740
+ const id = familyRT ? THE_FAMILY_ID : undefined;
741
+ const refreshTokenFilter = {
742
+ homeAccountId: account.homeAccountId,
743
+ environment: account.environment,
744
+ credentialType: CredentialType.REFRESH_TOKEN,
745
+ clientId: this.clientId,
746
+ familyId: id,
747
+ };
748
+ const refreshTokenKeys = (tokenKeys && tokenKeys.refreshToken) ||
749
+ this.getTokenKeys().refreshToken;
750
+ const refreshTokens = [];
751
+ refreshTokenKeys.forEach((key) => {
752
+ // Validate key
753
+ if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
754
+ const refreshToken = this.getRefreshTokenCredential(key, correlationId);
755
+ // Validate value
756
+ if (refreshToken &&
757
+ this.credentialMatchesFilter(refreshToken, refreshTokenFilter, correlationId)) {
758
+ refreshTokens.push(refreshToken);
759
+ }
760
+ }
761
+ });
762
+ const numRefreshTokens = refreshTokens.length;
763
+ if (numRefreshTokens < 1) {
764
+ this.commonLogger.info("0dlw11", correlationId);
765
+ return null;
766
+ }
767
+ // address the else case after remove functions address environment aliases
768
+ if (numRefreshTokens > 1) {
769
+ this.performanceClient.addFields({ multiMatchedRT: numRefreshTokens }, correlationId);
770
+ }
771
+ this.commonLogger.info("0wcnep", correlationId);
772
+ return refreshTokens[0];
773
+ }
774
+ /**
775
+ * Validate the cache key against filter before retrieving and parsing cache value
776
+ * @param key
777
+ * @param filter
778
+ */
779
+ refreshTokenKeyMatchesFilter(inputKey, filter) {
780
+ const key = inputKey.toLowerCase();
781
+ if (filter.familyId &&
782
+ key.indexOf(filter.familyId.toLowerCase()) === -1) {
783
+ return false;
784
+ }
785
+ // If familyId is used, clientId is not in the key
786
+ if (!filter.familyId &&
787
+ filter.clientId &&
788
+ key.indexOf(filter.clientId.toLowerCase()) === -1) {
789
+ return false;
790
+ }
791
+ if (filter.homeAccountId &&
792
+ key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {
793
+ return false;
794
+ }
795
+ return true;
796
+ }
797
+ /**
798
+ * Retrieve AppMetadataEntity from cache
799
+ */
800
+ readAppMetadataFromCache(environment, correlationId) {
801
+ const appMetadataFilter = {
802
+ environment,
803
+ clientId: this.clientId,
804
+ };
805
+ const appMetadata = this.getAppMetadataFilteredBy(appMetadataFilter, correlationId);
806
+ const appMetadataEntries = Object.keys(appMetadata).map((key) => appMetadata[key]);
807
+ const numAppMetadata = appMetadataEntries.length;
808
+ if (numAppMetadata < 1) {
809
+ return null;
810
+ }
811
+ else if (numAppMetadata > 1) {
812
+ throw createClientAuthError(multipleMatchingAppMetadata);
813
+ }
814
+ return appMetadataEntries[0];
815
+ }
816
+ /**
817
+ * Return the family_id value associated with FOCI
818
+ * @param environment
819
+ * @param clientId
820
+ */
821
+ isAppMetadataFOCI(environment, correlationId) {
822
+ const appMetadata = this.readAppMetadataFromCache(environment, correlationId);
823
+ return !!(appMetadata && appMetadata.familyId === THE_FAMILY_ID);
824
+ }
825
+ /**
826
+ * helper to match account ids
827
+ * @param value
828
+ * @param homeAccountId
829
+ */
830
+ matchHomeAccountId(entity, homeAccountId) {
831
+ return !!(typeof entity.homeAccountId === "string" &&
832
+ homeAccountId === entity.homeAccountId);
833
+ }
834
+ /**
835
+ * helper to match account ids
836
+ * @param entity
837
+ * @param localAccountId
838
+ * @returns
839
+ */
840
+ matchLocalAccountIdFromTokenClaims(tokenClaims, localAccountId) {
841
+ const idTokenLocalAccountId = tokenClaims.oid || tokenClaims.sub;
842
+ return localAccountId === idTokenLocalAccountId;
843
+ }
844
+ matchLocalAccountIdFromTenantProfile(tenantProfile, localAccountId) {
845
+ return tenantProfile.localAccountId === localAccountId;
846
+ }
847
+ /**
848
+ * helper to match names
849
+ * @param entity
850
+ * @param name
851
+ * @returns true if the downcased name properties are present and match in the filter and the entity
852
+ */
853
+ matchName(claims, name) {
854
+ return !!(name.toLowerCase() === claims.name?.toLowerCase());
855
+ }
856
+ /**
857
+ * helper to match usernames
858
+ * @param entity
859
+ * @param username
860
+ * @returns
861
+ */
862
+ matchUsername(cachedUsername, filterUsername) {
863
+ return !!(cachedUsername &&
864
+ typeof cachedUsername === "string" &&
865
+ filterUsername?.toLowerCase() === cachedUsername.toLowerCase());
866
+ }
867
+ /**
868
+ * helper to match assertion
869
+ * @param value
870
+ * @param oboAssertion
871
+ */
872
+ matchUserAssertionHash(entity, userAssertionHash) {
873
+ return !!(entity.userAssertionHash &&
874
+ userAssertionHash === entity.userAssertionHash);
875
+ }
876
+ /**
877
+ * helper to match environment
878
+ * @param value
879
+ * @param environment
880
+ */
881
+ matchEnvironment(entity, environment, correlationId) {
882
+ // Check static authority options first for cases where authority metadata has not been resolved and cached yet
883
+ if (this.staticAuthorityOptions) {
884
+ const staticAliases = getAliasesFromStaticSources(this.staticAuthorityOptions, this.commonLogger, correlationId);
885
+ if (staticAliases.includes(environment) &&
886
+ staticAliases.includes(entity.environment)) {
887
+ return true;
888
+ }
889
+ }
890
+ // Query metadata cache if no static authority configuration has aliases that match enviroment
891
+ const cloudMetadata = this.getAuthorityMetadataByAlias(environment, correlationId);
892
+ if (cloudMetadata &&
893
+ cloudMetadata.aliases.indexOf(entity.environment) > -1) {
894
+ return true;
895
+ }
896
+ return false;
897
+ }
898
+ /**
899
+ * helper to match credential type
900
+ * @param entity
901
+ * @param credentialType
902
+ */
903
+ matchCredentialType(entity, credentialType) {
904
+ return (entity.credentialType &&
905
+ credentialType.toLowerCase() === entity.credentialType.toLowerCase());
906
+ }
907
+ /**
908
+ * helper to match client ids
909
+ * @param entity
910
+ * @param clientId
911
+ */
912
+ matchClientId(entity, clientId) {
913
+ return !!(entity.clientId && clientId === entity.clientId);
914
+ }
915
+ /**
916
+ * helper to match family ids
917
+ * @param entity
918
+ * @param familyId
919
+ */
920
+ matchFamilyId(entity, familyId) {
921
+ return !!(entity.familyId && familyId === entity.familyId);
922
+ }
923
+ /**
924
+ * helper to match realm
925
+ * @param entity
926
+ * @param realm
927
+ */
928
+ matchRealm(entity, realm) {
929
+ return !!(entity.realm?.toLowerCase() === realm.toLowerCase());
930
+ }
931
+ /**
932
+ * helper to match nativeAccountId
933
+ * @param entity
934
+ * @param nativeAccountId
935
+ * @returns boolean indicating the match result
936
+ */
937
+ matchNativeAccountId(entity, nativeAccountId) {
938
+ return !!(entity.nativeAccountId && nativeAccountId === entity.nativeAccountId);
939
+ }
940
+ /**
941
+ * helper to match loginHint which can be either:
942
+ * 1. login_hint ID token claim
943
+ * 2. username in cached account object
944
+ * 3. upn in ID token claims
945
+ * @param entity
946
+ * @param loginHint
947
+ * @returns
948
+ */
949
+ matchLoginHintFromTokenClaims(tokenClaims, loginHint) {
950
+ if (tokenClaims.login_hint === loginHint) {
951
+ return true;
952
+ }
953
+ if (tokenClaims.preferred_username === loginHint) {
954
+ return true;
955
+ }
956
+ if (tokenClaims.upn === loginHint) {
957
+ return true;
958
+ }
959
+ return false;
960
+ }
961
+ /**
962
+ * Helper to match sid
963
+ * @param entity
964
+ * @param sid
965
+ * @returns true if the sid claim is present and matches the filter
966
+ */
967
+ matchSid(idTokenClaims, sid) {
968
+ return idTokenClaims.sid === sid;
969
+ }
970
+ matchAuthorityType(entity, authorityType) {
971
+ return !!(entity.authorityType &&
972
+ authorityType.toLowerCase() === entity.authorityType.toLowerCase());
973
+ }
974
+ /**
975
+ * Returns true if the target scopes are a subset of the current entity's scopes, false otherwise.
976
+ * @param entity
977
+ * @param target
978
+ */
979
+ matchTarget(entity, target) {
980
+ const isNotAccessTokenCredential = entity.credentialType !== CredentialType.ACCESS_TOKEN &&
981
+ entity.credentialType !==
982
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
983
+ if (isNotAccessTokenCredential || !entity.target) {
984
+ return false;
985
+ }
986
+ const entityScopeSet = ScopeSet.fromString(entity.target);
987
+ return entityScopeSet.containsScopeSet(target);
988
+ }
989
+ /**
990
+ * Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise
991
+ * @param entity
992
+ * @param tokenType
993
+ */
994
+ matchTokenType(entity, tokenType) {
995
+ return !!(entity.tokenType && entity.tokenType === tokenType);
996
+ }
997
+ /**
998
+ * Returns true if the credential's keyId matches the one in the request, false otherwise
999
+ * @param entity
1000
+ * @param keyId
1001
+ */
1002
+ matchKeyId(entity, keyId) {
1003
+ return !!(entity.keyId && entity.keyId === keyId);
1004
+ }
1005
+ /**
1006
+ * returns if a given cache entity is of the type appmetadata
1007
+ * @param key
1008
+ */
1009
+ isAppMetadata(key) {
1010
+ return key.indexOf(APP_METADATA) !== -1;
1011
+ }
1012
+ /**
1013
+ * returns if a given cache entity is of the type authoritymetadata
1014
+ * @param key
1015
+ */
1016
+ isAuthorityMetadata(key) {
1017
+ return key.indexOf(AUTHORITY_METADATA_CACHE_KEY) !== -1;
1018
+ }
1019
+ /**
1020
+ * returns cache key used for cloud instance metadata
1021
+ */
1022
+ generateAuthorityMetadataCacheKey(authority) {
1023
+ return `${AUTHORITY_METADATA_CACHE_KEY}-${this.clientId}-${authority}`;
1024
+ }
1025
+ /**
1026
+ * Helper to convert serialized data to object
1027
+ * @param obj
1028
+ * @param json
1029
+ */
1030
+ static toObject(obj, json) {
1031
+ for (const propertyName in json) {
1032
+ obj[propertyName] = json[propertyName];
1033
+ }
1034
+ return obj;
1035
+ }
1036
+ }
1037
+ /** @internal */
1038
+ class DefaultStorageClass extends CacheManager {
1039
+ async setAccount() {
1040
+ throw createClientAuthError(methodNotImplemented);
1041
+ }
1042
+ getAccount() {
1043
+ throw createClientAuthError(methodNotImplemented);
1044
+ }
1045
+ async setIdTokenCredential() {
1046
+ throw createClientAuthError(methodNotImplemented);
1047
+ }
1048
+ getIdTokenCredential() {
1049
+ throw createClientAuthError(methodNotImplemented);
1050
+ }
1051
+ async setAccessTokenCredential() {
1052
+ throw createClientAuthError(methodNotImplemented);
1053
+ }
1054
+ getAccessTokenCredential() {
1055
+ throw createClientAuthError(methodNotImplemented);
1056
+ }
1057
+ async setRefreshTokenCredential() {
1058
+ throw createClientAuthError(methodNotImplemented);
1059
+ }
1060
+ getRefreshTokenCredential() {
1061
+ throw createClientAuthError(methodNotImplemented);
1062
+ }
1063
+ setAppMetadata() {
1064
+ throw createClientAuthError(methodNotImplemented);
1065
+ }
1066
+ getAppMetadata() {
1067
+ throw createClientAuthError(methodNotImplemented);
1068
+ }
1069
+ setServerTelemetry() {
1070
+ throw createClientAuthError(methodNotImplemented);
1071
+ }
1072
+ getServerTelemetry() {
1073
+ throw createClientAuthError(methodNotImplemented);
1074
+ }
1075
+ setAuthorityMetadata() {
1076
+ throw createClientAuthError(methodNotImplemented);
1077
+ }
1078
+ getAuthorityMetadata() {
1079
+ throw createClientAuthError(methodNotImplemented);
1080
+ }
1081
+ getAuthorityMetadataKeys() {
1082
+ throw createClientAuthError(methodNotImplemented);
1083
+ }
1084
+ setThrottlingCache() {
1085
+ throw createClientAuthError(methodNotImplemented);
1086
+ }
1087
+ getThrottlingCache() {
1088
+ throw createClientAuthError(methodNotImplemented);
1089
+ }
1090
+ removeItem() {
1091
+ throw createClientAuthError(methodNotImplemented);
1092
+ }
1093
+ getKeys() {
1094
+ throw createClientAuthError(methodNotImplemented);
1095
+ }
1096
+ getAccountKeys() {
1097
+ throw createClientAuthError(methodNotImplemented);
1098
+ }
1099
+ getTokenKeys() {
1100
+ throw createClientAuthError(methodNotImplemented);
1101
+ }
1102
+ generateCredentialKey() {
1103
+ throw createClientAuthError(methodNotImplemented);
1104
+ }
1105
+ generateAccountKey() {
1106
+ throw createClientAuthError(methodNotImplemented);
1107
+ }
1108
+ }
1109
+
1110
+ export { CacheManager, DefaultStorageClass };
1111
+ //# sourceMappingURL=CacheManager.mjs.map