@azure/msal-common 16.3.0 → 16.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +6 -1
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +1 -1
- package/dist/client/RefreshTokenClient.mjs +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/constants/AADServerParamKeys.d.ts +1 -0
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +4 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/PlatformBrokerError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/index-node.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +4 -2
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.mjs +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/BaseAuthRequest.mjs +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +4 -0
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +9 -3
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/AuthorizeResponse.d.ts +7 -0
- package/dist/response/AuthorizeResponse.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +9 -9
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +27 -20
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +5 -3
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +12 -0
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +1 -1
- package/dist-browser/account/AccountInfo.mjs +1 -1
- package/dist-browser/account/AuthToken.mjs +1 -1
- package/dist-browser/account/CcsCredential.mjs +1 -1
- package/dist-browser/account/ClientInfo.mjs +1 -1
- package/dist-browser/account/TokenClaims.mjs +1 -1
- package/dist-browser/authority/Authority.mjs +1 -1
- package/dist-browser/authority/AuthorityFactory.mjs +1 -1
- package/dist-browser/authority/AuthorityMetadata.mjs +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs +1 -1
- package/dist-browser/authority/AuthorityType.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs +1 -1
- package/dist-browser/authority/RegionDiscovery.mjs +1 -1
- package/dist-browser/cache/CacheManager.d.ts.map +1 -1
- package/dist-browser/cache/CacheManager.mjs +6 -1
- package/dist-browser/cache/CacheManager.mjs.map +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
- package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
- package/dist-browser/client/AuthorizationCodeClient.mjs +1 -1
- package/dist-browser/client/RefreshTokenClient.mjs +1 -1
- package/dist-browser/client/SilentFlowClient.mjs +1 -1
- package/dist-browser/config/ClientConfiguration.mjs +1 -1
- package/dist-browser/constants/AADServerParamKeys.d.ts +1 -0
- package/dist-browser/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist-browser/constants/AADServerParamKeys.mjs +4 -3
- package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist-browser/crypto/ICrypto.mjs +1 -1
- package/dist-browser/crypto/JoseHeader.mjs +1 -1
- package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
- package/dist-browser/error/AuthError.mjs +1 -1
- package/dist-browser/error/AuthErrorCodes.mjs +1 -1
- package/dist-browser/error/CacheError.mjs +1 -1
- package/dist-browser/error/CacheErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientAuthError.mjs +1 -1
- package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientConfigurationError.mjs +1 -1
- package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/JoseHeaderError.mjs +1 -1
- package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist-browser/error/NetworkError.mjs +1 -1
- package/dist-browser/error/PlatformBrokerError.mjs +1 -1
- package/dist-browser/error/ServerError.mjs +1 -1
- package/dist-browser/index-browser.mjs +1 -1
- package/dist-browser/index.mjs +1 -1
- package/dist-browser/log-strings-mapping.json +11 -3
- package/dist-browser/logger/Logger.mjs +1 -1
- package/dist-browser/network/INetworkModule.mjs +1 -1
- package/dist-browser/network/RequestThumbprint.mjs +1 -1
- package/dist-browser/network/ThrottlingUtils.mjs +1 -1
- package/dist-browser/packageMetadata.d.ts +1 -1
- package/dist-browser/packageMetadata.mjs +2 -2
- package/dist-browser/protocol/Authorize.d.ts.map +1 -1
- package/dist-browser/protocol/Authorize.mjs +4 -2
- package/dist-browser/protocol/Authorize.mjs.map +1 -1
- package/dist-browser/protocol/Token.mjs +1 -1
- package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist-browser/request/BaseAuthRequest.mjs +1 -1
- package/dist-browser/request/RequestParameterBuilder.d.ts +4 -0
- package/dist-browser/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist-browser/request/RequestParameterBuilder.mjs +9 -3
- package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist-browser/request/ScopeSet.mjs +1 -1
- package/dist-browser/response/AuthorizeResponse.d.ts +7 -0
- package/dist-browser/response/AuthorizeResponse.d.ts.map +1 -1
- package/dist-browser/response/ResponseHandler.d.ts +9 -9
- package/dist-browser/response/ResponseHandler.d.ts.map +1 -1
- package/dist-browser/response/ResponseHandler.mjs +27 -20
- package/dist-browser/response/ResponseHandler.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs +5 -3
- package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +12 -0
- package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs +2 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist-browser/url/UrlString.mjs +1 -1
- package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
- package/dist-browser/utils/Constants.mjs +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs +1 -1
- package/dist-browser/utils/ProtocolUtils.mjs +1 -1
- package/dist-browser/utils/StringUtils.mjs +1 -1
- package/dist-browser/utils/TimeUtils.mjs +1 -1
- package/dist-browser/utils/UrlUtils.mjs +1 -1
- package/lib/index-browser.cjs +6 -4
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-BUrdOQX5.js → index-node-5FoJ00Jc.js} +150 -126
- package/lib/index-node-5FoJ00Jc.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
- package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +4 -0
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthorizeResponse.d.ts +7 -0
- package/lib/types/response/AuthorizeResponse.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +9 -9
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +12 -0
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/cache/CacheManager.ts +12 -0
- package/src/constants/AADServerParamKeys.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +3 -0
- package/src/request/RequestParameterBuilder.ts +7 -0
- package/src/response/AuthorizeResponse.ts +7 -0
- package/src/response/ResponseHandler.ts +67 -47
- package/src/telemetry/performance/PerformanceClient.ts +4 -2
- package/src/telemetry/performance/PerformanceEvent.ts +17 -0
- package/lib/index-node-BUrdOQX5.js.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v16.
|
|
1
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -2875,7 +2875,8 @@ const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
|
2875
2875
|
const INSTANCE_AWARE = "instance_aware";
|
|
2876
2876
|
const EAR_JWK = "ear_jwk";
|
|
2877
2877
|
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
2878
|
-
const RESOURCE = "resource";
|
|
2878
|
+
const RESOURCE = "resource";
|
|
2879
|
+
const CLI_DATA = "clidata";
|
|
2879
2880
|
|
|
2880
2881
|
var AADServerParamKeys = /*#__PURE__*/Object.freeze({
|
|
2881
2882
|
__proto__: null,
|
|
@@ -2890,6 +2891,7 @@ var AADServerParamKeys = /*#__PURE__*/Object.freeze({
|
|
|
2890
2891
|
CLIENT_INFO: CLIENT_INFO,
|
|
2891
2892
|
CLIENT_REQUEST_ID: CLIENT_REQUEST_ID,
|
|
2892
2893
|
CLIENT_SECRET: CLIENT_SECRET,
|
|
2894
|
+
CLI_DATA: CLI_DATA,
|
|
2893
2895
|
CODE: CODE,
|
|
2894
2896
|
CODE_CHALLENGE: CODE_CHALLENGE,
|
|
2895
2897
|
CODE_CHALLENGE_METHOD: CODE_CHALLENGE_METHOD,
|
|
@@ -3761,6 +3763,12 @@ function addGrantType(parameters, grantType) {
|
|
|
3761
3763
|
function addClientInfo(parameters) {
|
|
3762
3764
|
parameters.set(CLIENT_INFO$1, "1");
|
|
3763
3765
|
}
|
|
3766
|
+
/**
|
|
3767
|
+
* add clidata=1 to request to indicate client data support
|
|
3768
|
+
*/
|
|
3769
|
+
function addCliData(parameters) {
|
|
3770
|
+
parameters.set(CLI_DATA, "1");
|
|
3771
|
+
}
|
|
3764
3772
|
function addInstanceAware(parameters) {
|
|
3765
3773
|
if (!parameters.has(INSTANCE_AWARE)) {
|
|
3766
3774
|
parameters.set(INSTANCE_AWARE, "true");
|
|
@@ -3889,6 +3897,7 @@ var RequestParameterBuilder = /*#__PURE__*/Object.freeze({
|
|
|
3889
3897
|
addCcsOid: addCcsOid,
|
|
3890
3898
|
addCcsUpn: addCcsUpn,
|
|
3891
3899
|
addClaims: addClaims,
|
|
3900
|
+
addCliData: addCliData,
|
|
3892
3901
|
addClientAssertion: addClientAssertion,
|
|
3893
3902
|
addClientAssertionType: addClientAssertionType,
|
|
3894
3903
|
addClientCapabilitiesToClaims: addClientCapabilitiesToClaims,
|
|
@@ -4244,7 +4253,7 @@ class Logger {
|
|
|
4244
4253
|
|
|
4245
4254
|
/* eslint-disable header/header */
|
|
4246
4255
|
const name = "@azure/msal-common";
|
|
4247
|
-
const version = "16.
|
|
4256
|
+
const version = "16.4.1";
|
|
4248
4257
|
|
|
4249
4258
|
/*
|
|
4250
4259
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4323,6 +4332,11 @@ class CacheManager {
|
|
|
4323
4332
|
* Gets first tenanted AccountInfo object found based on provided filters
|
|
4324
4333
|
*/
|
|
4325
4334
|
getAccountInfoFilteredBy(accountFilter, correlationId) {
|
|
4335
|
+
if (Object.keys(accountFilter).length === 0 ||
|
|
4336
|
+
Object.values(accountFilter).every((value) => value === null || value === undefined || value === "")) {
|
|
4337
|
+
this.commonLogger.warning("getAccountInfoFilteredBy: Account filter is empty or invalid, returning null", correlationId);
|
|
4338
|
+
return null;
|
|
4339
|
+
}
|
|
4326
4340
|
const allAccounts = this.getAllAccounts(accountFilter, correlationId);
|
|
4327
4341
|
if (allAccounts.length > 1) {
|
|
4328
4342
|
// If one or more accounts are found, prioritize accounts that have an ID token
|
|
@@ -5435,6 +5449,7 @@ const IntFields = new Set([
|
|
|
5435
5449
|
"currRefreshCount",
|
|
5436
5450
|
"expiredCacheRemovedCount",
|
|
5437
5451
|
"upgradedCacheCount",
|
|
5452
|
+
"cacheMatchedAccounts",
|
|
5438
5453
|
"networkRtt",
|
|
5439
5454
|
"redirectBridgeTimeoutMs",
|
|
5440
5455
|
"redirectBridgeMessageVersion",
|
|
@@ -5591,15 +5606,102 @@ function isOidcProtocolMode(config) {
|
|
|
5591
5606
|
* Licensed under the MIT License.
|
|
5592
5607
|
*/
|
|
5593
5608
|
/**
|
|
5594
|
-
*
|
|
5609
|
+
* This class instance helps track the memory changes facilitating
|
|
5610
|
+
* decisions to read from and write to the persistent cache
|
|
5611
|
+
*/ class TokenCacheContext {
|
|
5612
|
+
constructor(tokenCache, hasChanged) {
|
|
5613
|
+
this.cache = tokenCache;
|
|
5614
|
+
this.hasChanged = hasChanged;
|
|
5615
|
+
}
|
|
5616
|
+
/**
|
|
5617
|
+
* boolean which indicates the changes in cache
|
|
5618
|
+
*/
|
|
5619
|
+
get cacheHasChanged() {
|
|
5620
|
+
return this.hasChanged;
|
|
5621
|
+
}
|
|
5622
|
+
/**
|
|
5623
|
+
* function to retrieve the token cache
|
|
5624
|
+
*/
|
|
5625
|
+
get tokenCache() {
|
|
5626
|
+
return this.cache;
|
|
5627
|
+
}
|
|
5628
|
+
}
|
|
5629
|
+
|
|
5630
|
+
/*
|
|
5631
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5632
|
+
* Licensed under the MIT License.
|
|
5595
5633
|
*/
|
|
5596
|
-
|
|
5597
|
-
|
|
5598
|
-
|
|
5599
|
-
|
|
5600
|
-
|
|
5601
|
-
this.
|
|
5602
|
-
|
|
5634
|
+
const KeyLocation = {
|
|
5635
|
+
SW: "sw"};
|
|
5636
|
+
/** @internal */
|
|
5637
|
+
class PopTokenGenerator {
|
|
5638
|
+
constructor(cryptoUtils, performanceClient) {
|
|
5639
|
+
this.cryptoUtils = cryptoUtils;
|
|
5640
|
+
this.performanceClient = performanceClient;
|
|
5641
|
+
}
|
|
5642
|
+
/**
|
|
5643
|
+
* Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
|
|
5644
|
+
* and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
|
|
5645
|
+
* @param request
|
|
5646
|
+
* @returns
|
|
5647
|
+
*/
|
|
5648
|
+
async generateCnf(request, logger) {
|
|
5649
|
+
const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
|
|
5650
|
+
const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
|
|
5651
|
+
return {
|
|
5652
|
+
kid: reqCnf.kid,
|
|
5653
|
+
reqCnfString,
|
|
5654
|
+
};
|
|
5655
|
+
}
|
|
5656
|
+
/**
|
|
5657
|
+
* Generates key_id for a SHR token request
|
|
5658
|
+
* @param request
|
|
5659
|
+
* @returns
|
|
5660
|
+
*/
|
|
5661
|
+
async generateKid(request) {
|
|
5662
|
+
const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
|
|
5663
|
+
return {
|
|
5664
|
+
kid: kidThumbprint,
|
|
5665
|
+
xms_ksl: KeyLocation.SW,
|
|
5666
|
+
};
|
|
5667
|
+
}
|
|
5668
|
+
/**
|
|
5669
|
+
* Signs the POP access_token with the local generated key-pair
|
|
5670
|
+
* @param accessToken
|
|
5671
|
+
* @param request
|
|
5672
|
+
* @returns
|
|
5673
|
+
*/
|
|
5674
|
+
async signPopToken(accessToken, keyId, request) {
|
|
5675
|
+
return this.signPayload(accessToken, keyId, request);
|
|
5676
|
+
}
|
|
5677
|
+
/**
|
|
5678
|
+
* Utility function to generate the signed JWT for an access_token
|
|
5679
|
+
* @param payload
|
|
5680
|
+
* @param kid
|
|
5681
|
+
* @param request
|
|
5682
|
+
* @param claims
|
|
5683
|
+
* @returns
|
|
5684
|
+
*/
|
|
5685
|
+
async signPayload(payload, keyId, request, claims) {
|
|
5686
|
+
// Deconstruct request to extract SHR parameters
|
|
5687
|
+
const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
|
|
5688
|
+
const resourceUrlString = resourceRequestUri
|
|
5689
|
+
? new UrlString(resourceRequestUri)
|
|
5690
|
+
: undefined;
|
|
5691
|
+
const resourceUrlComponents = resourceUrlString?.getUrlComponents();
|
|
5692
|
+
return this.cryptoUtils.signJwt({
|
|
5693
|
+
at: payload,
|
|
5694
|
+
ts: nowSeconds(),
|
|
5695
|
+
m: resourceRequestMethod?.toUpperCase(),
|
|
5696
|
+
u: resourceUrlComponents?.HostNameAndPort,
|
|
5697
|
+
nonce: shrNonce || this.cryptoUtils.createNewGuid(),
|
|
5698
|
+
p: resourceUrlComponents?.AbsolutePath,
|
|
5699
|
+
q: resourceUrlComponents?.QueryString
|
|
5700
|
+
? [[], resourceUrlComponents.QueryString]
|
|
5701
|
+
: undefined,
|
|
5702
|
+
client_claims: shrClaims || undefined,
|
|
5703
|
+
...claims,
|
|
5704
|
+
}, keyId, shrOptions, request.correlationId);
|
|
5603
5705
|
}
|
|
5604
5706
|
}
|
|
5605
5707
|
|
|
@@ -5732,6 +5834,23 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
5732
5834
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
5733
5835
|
}
|
|
5734
5836
|
|
|
5837
|
+
/*
|
|
5838
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5839
|
+
* Licensed under the MIT License.
|
|
5840
|
+
*/
|
|
5841
|
+
/**
|
|
5842
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
5843
|
+
*/
|
|
5844
|
+
class ServerError extends AuthError {
|
|
5845
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
5846
|
+
super(errorCode, errorMessage, subError);
|
|
5847
|
+
this.name = "ServerError";
|
|
5848
|
+
this.errorNo = errorNo;
|
|
5849
|
+
this.status = status;
|
|
5850
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
5851
|
+
}
|
|
5852
|
+
}
|
|
5853
|
+
|
|
5735
5854
|
/*
|
|
5736
5855
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5737
5856
|
* Licensed under the MIT License.
|
|
@@ -5805,110 +5924,6 @@ var ProtocolUtils = /*#__PURE__*/Object.freeze({
|
|
|
5805
5924
|
setRequestState: setRequestState
|
|
5806
5925
|
});
|
|
5807
5926
|
|
|
5808
|
-
/*
|
|
5809
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5810
|
-
* Licensed under the MIT License.
|
|
5811
|
-
*/
|
|
5812
|
-
const KeyLocation = {
|
|
5813
|
-
SW: "sw"};
|
|
5814
|
-
/** @internal */
|
|
5815
|
-
class PopTokenGenerator {
|
|
5816
|
-
constructor(cryptoUtils, performanceClient) {
|
|
5817
|
-
this.cryptoUtils = cryptoUtils;
|
|
5818
|
-
this.performanceClient = performanceClient;
|
|
5819
|
-
}
|
|
5820
|
-
/**
|
|
5821
|
-
* Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
|
|
5822
|
-
* and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
|
|
5823
|
-
* @param request
|
|
5824
|
-
* @returns
|
|
5825
|
-
*/
|
|
5826
|
-
async generateCnf(request, logger) {
|
|
5827
|
-
const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
|
|
5828
|
-
const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
|
|
5829
|
-
return {
|
|
5830
|
-
kid: reqCnf.kid,
|
|
5831
|
-
reqCnfString,
|
|
5832
|
-
};
|
|
5833
|
-
}
|
|
5834
|
-
/**
|
|
5835
|
-
* Generates key_id for a SHR token request
|
|
5836
|
-
* @param request
|
|
5837
|
-
* @returns
|
|
5838
|
-
*/
|
|
5839
|
-
async generateKid(request) {
|
|
5840
|
-
const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
|
|
5841
|
-
return {
|
|
5842
|
-
kid: kidThumbprint,
|
|
5843
|
-
xms_ksl: KeyLocation.SW,
|
|
5844
|
-
};
|
|
5845
|
-
}
|
|
5846
|
-
/**
|
|
5847
|
-
* Signs the POP access_token with the local generated key-pair
|
|
5848
|
-
* @param accessToken
|
|
5849
|
-
* @param request
|
|
5850
|
-
* @returns
|
|
5851
|
-
*/
|
|
5852
|
-
async signPopToken(accessToken, keyId, request) {
|
|
5853
|
-
return this.signPayload(accessToken, keyId, request);
|
|
5854
|
-
}
|
|
5855
|
-
/**
|
|
5856
|
-
* Utility function to generate the signed JWT for an access_token
|
|
5857
|
-
* @param payload
|
|
5858
|
-
* @param kid
|
|
5859
|
-
* @param request
|
|
5860
|
-
* @param claims
|
|
5861
|
-
* @returns
|
|
5862
|
-
*/
|
|
5863
|
-
async signPayload(payload, keyId, request, claims) {
|
|
5864
|
-
// Deconstruct request to extract SHR parameters
|
|
5865
|
-
const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
|
|
5866
|
-
const resourceUrlString = resourceRequestUri
|
|
5867
|
-
? new UrlString(resourceRequestUri)
|
|
5868
|
-
: undefined;
|
|
5869
|
-
const resourceUrlComponents = resourceUrlString?.getUrlComponents();
|
|
5870
|
-
return this.cryptoUtils.signJwt({
|
|
5871
|
-
at: payload,
|
|
5872
|
-
ts: nowSeconds(),
|
|
5873
|
-
m: resourceRequestMethod?.toUpperCase(),
|
|
5874
|
-
u: resourceUrlComponents?.HostNameAndPort,
|
|
5875
|
-
nonce: shrNonce || this.cryptoUtils.createNewGuid(),
|
|
5876
|
-
p: resourceUrlComponents?.AbsolutePath,
|
|
5877
|
-
q: resourceUrlComponents?.QueryString
|
|
5878
|
-
? [[], resourceUrlComponents.QueryString]
|
|
5879
|
-
: undefined,
|
|
5880
|
-
client_claims: shrClaims || undefined,
|
|
5881
|
-
...claims,
|
|
5882
|
-
}, keyId, shrOptions, request.correlationId);
|
|
5883
|
-
}
|
|
5884
|
-
}
|
|
5885
|
-
|
|
5886
|
-
/*
|
|
5887
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5888
|
-
* Licensed under the MIT License.
|
|
5889
|
-
*/
|
|
5890
|
-
/**
|
|
5891
|
-
* This class instance helps track the memory changes facilitating
|
|
5892
|
-
* decisions to read from and write to the persistent cache
|
|
5893
|
-
*/ class TokenCacheContext {
|
|
5894
|
-
constructor(tokenCache, hasChanged) {
|
|
5895
|
-
this.cache = tokenCache;
|
|
5896
|
-
this.hasChanged = hasChanged;
|
|
5897
|
-
}
|
|
5898
|
-
/**
|
|
5899
|
-
* boolean which indicates the changes in cache
|
|
5900
|
-
*/
|
|
5901
|
-
get cacheHasChanged() {
|
|
5902
|
-
return this.hasChanged;
|
|
5903
|
-
}
|
|
5904
|
-
/**
|
|
5905
|
-
* function to retrieve the token cache
|
|
5906
|
-
*/
|
|
5907
|
-
get tokenCache() {
|
|
5908
|
-
return this.cache;
|
|
5909
|
-
}
|
|
5910
|
-
}
|
|
5911
|
-
|
|
5912
5927
|
/*
|
|
5913
5928
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5914
5929
|
* Licensed under the MIT License.
|
|
@@ -6063,7 +6078,7 @@ class ResponseHandler {
|
|
|
6063
6078
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
6064
6079
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
6065
6080
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
6066
|
-
this.logger);
|
|
6081
|
+
this.logger, this.performanceClient);
|
|
6067
6082
|
}
|
|
6068
6083
|
// AccessToken
|
|
6069
6084
|
let cachedAccessToken = null;
|
|
@@ -6214,17 +6229,24 @@ class ResponseHandler {
|
|
|
6214
6229
|
};
|
|
6215
6230
|
}
|
|
6216
6231
|
}
|
|
6217
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
6232
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
6218
6233
|
logger?.verbose("setCachedAccount called", correlationId);
|
|
6219
|
-
|
|
6220
|
-
|
|
6221
|
-
|
|
6222
|
-
|
|
6223
|
-
|
|
6224
|
-
|
|
6225
|
-
|
|
6226
|
-
|
|
6234
|
+
/*
|
|
6235
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
6236
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
6237
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
6238
|
+
*/
|
|
6239
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
6240
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
6241
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
6242
|
+
if (matchedAccounts.length > 1) {
|
|
6243
|
+
/*
|
|
6244
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
6245
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
6246
|
+
*/
|
|
6247
|
+
logger?.warning("Multiple base accounts matched homeAccountId. Ignoring cached account and creating a new base account.", correlationId);
|
|
6227
6248
|
}
|
|
6249
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
6228
6250
|
const baseAccount = cachedAccount ||
|
|
6229
6251
|
createAccountEntity({
|
|
6230
6252
|
homeAccountId,
|
|
@@ -7172,6 +7194,8 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
|
|
|
7172
7194
|
addResponseMode(parameters, request.responseMode);
|
|
7173
7195
|
// add client_info=1
|
|
7174
7196
|
addClientInfo(parameters);
|
|
7197
|
+
// add clidata=1
|
|
7198
|
+
addCliData(parameters);
|
|
7175
7199
|
if (request.prompt) {
|
|
7176
7200
|
addPrompt(parameters, request.prompt);
|
|
7177
7201
|
performanceClient?.addFields({ prompt: request.prompt }, correlationId);
|
|
@@ -7839,4 +7863,4 @@ exports.invokeAsync = invokeAsync;
|
|
|
7839
7863
|
exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
|
|
7840
7864
|
exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
|
|
7841
7865
|
exports.version = version;
|
|
7842
|
-
//# sourceMappingURL=index-node-
|
|
7866
|
+
//# sourceMappingURL=index-node-5FoJ00Jc.js.map
|