@azure/msal-common 16.3.0 → 16.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (212) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.d.ts.map +1 -1
  17. package/dist/cache/CacheManager.mjs +6 -1
  18. package/dist/cache/CacheManager.mjs.map +1 -1
  19. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  20. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  21. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  23. package/dist/client/RefreshTokenClient.mjs +1 -1
  24. package/dist/client/SilentFlowClient.mjs +1 -1
  25. package/dist/config/ClientConfiguration.mjs +1 -1
  26. package/dist/constants/AADServerParamKeys.d.ts +1 -0
  27. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  28. package/dist/constants/AADServerParamKeys.mjs +4 -3
  29. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  30. package/dist/crypto/ICrypto.mjs +1 -1
  31. package/dist/crypto/JoseHeader.mjs +1 -1
  32. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  33. package/dist/error/AuthError.mjs +1 -1
  34. package/dist/error/AuthErrorCodes.mjs +1 -1
  35. package/dist/error/CacheError.mjs +1 -1
  36. package/dist/error/CacheErrorCodes.mjs +1 -1
  37. package/dist/error/ClientAuthError.mjs +1 -1
  38. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  39. package/dist/error/ClientConfigurationError.mjs +1 -1
  40. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  41. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  42. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  43. package/dist/error/JoseHeaderError.mjs +1 -1
  44. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  45. package/dist/error/NetworkError.mjs +1 -1
  46. package/dist/error/PlatformBrokerError.mjs +1 -1
  47. package/dist/error/ServerError.mjs +1 -1
  48. package/dist/index-node.mjs +1 -1
  49. package/dist/index.mjs +1 -1
  50. package/dist/logger/Logger.mjs +1 -1
  51. package/dist/network/INetworkModule.mjs +1 -1
  52. package/dist/network/RequestThumbprint.mjs +1 -1
  53. package/dist/network/ThrottlingUtils.mjs +1 -1
  54. package/dist/packageMetadata.d.ts +1 -1
  55. package/dist/packageMetadata.mjs +2 -2
  56. package/dist/protocol/Authorize.d.ts.map +1 -1
  57. package/dist/protocol/Authorize.mjs +4 -2
  58. package/dist/protocol/Authorize.mjs.map +1 -1
  59. package/dist/protocol/Token.mjs +1 -1
  60. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  61. package/dist/request/BaseAuthRequest.mjs +1 -1
  62. package/dist/request/RequestParameterBuilder.d.ts +4 -0
  63. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  64. package/dist/request/RequestParameterBuilder.mjs +9 -3
  65. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  66. package/dist/request/ScopeSet.mjs +1 -1
  67. package/dist/response/AuthorizeResponse.d.ts +7 -0
  68. package/dist/response/AuthorizeResponse.d.ts.map +1 -1
  69. package/dist/response/ResponseHandler.d.ts +9 -9
  70. package/dist/response/ResponseHandler.d.ts.map +1 -1
  71. package/dist/response/ResponseHandler.mjs +27 -20
  72. package/dist/response/ResponseHandler.mjs.map +1 -1
  73. package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  74. package/dist/telemetry/performance/PerformanceClient.mjs +5 -3
  75. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  76. package/dist/telemetry/performance/PerformanceEvent.d.ts +12 -0
  77. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  78. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -1
  79. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  80. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  81. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  82. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  83. package/dist/url/UrlString.mjs +1 -1
  84. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  85. package/dist/utils/Constants.mjs +1 -1
  86. package/dist/utils/FunctionWrappers.mjs +1 -1
  87. package/dist/utils/ProtocolUtils.mjs +1 -1
  88. package/dist/utils/StringUtils.mjs +1 -1
  89. package/dist/utils/TimeUtils.mjs +1 -1
  90. package/dist/utils/UrlUtils.mjs +1 -1
  91. package/dist-browser/account/AccountInfo.mjs +1 -1
  92. package/dist-browser/account/AuthToken.mjs +1 -1
  93. package/dist-browser/account/CcsCredential.mjs +1 -1
  94. package/dist-browser/account/ClientInfo.mjs +1 -1
  95. package/dist-browser/account/TokenClaims.mjs +1 -1
  96. package/dist-browser/authority/Authority.mjs +1 -1
  97. package/dist-browser/authority/AuthorityFactory.mjs +1 -1
  98. package/dist-browser/authority/AuthorityMetadata.mjs +1 -1
  99. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  100. package/dist-browser/authority/AuthorityType.mjs +1 -1
  101. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  102. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  103. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  104. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  105. package/dist-browser/authority/RegionDiscovery.mjs +1 -1
  106. package/dist-browser/cache/CacheManager.d.ts.map +1 -1
  107. package/dist-browser/cache/CacheManager.mjs +6 -1
  108. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  109. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  110. package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
  111. package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
  112. package/dist-browser/client/AuthorizationCodeClient.mjs +1 -1
  113. package/dist-browser/client/RefreshTokenClient.mjs +1 -1
  114. package/dist-browser/client/SilentFlowClient.mjs +1 -1
  115. package/dist-browser/config/ClientConfiguration.mjs +1 -1
  116. package/dist-browser/constants/AADServerParamKeys.d.ts +1 -0
  117. package/dist-browser/constants/AADServerParamKeys.d.ts.map +1 -1
  118. package/dist-browser/constants/AADServerParamKeys.mjs +4 -3
  119. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
  120. package/dist-browser/crypto/ICrypto.mjs +1 -1
  121. package/dist-browser/crypto/JoseHeader.mjs +1 -1
  122. package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
  123. package/dist-browser/error/AuthError.mjs +1 -1
  124. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  125. package/dist-browser/error/CacheError.mjs +1 -1
  126. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  127. package/dist-browser/error/ClientAuthError.mjs +1 -1
  128. package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
  129. package/dist-browser/error/ClientConfigurationError.mjs +1 -1
  130. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  131. package/dist-browser/error/InteractionRequiredAuthError.mjs +1 -1
  132. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  133. package/dist-browser/error/JoseHeaderError.mjs +1 -1
  134. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  135. package/dist-browser/error/NetworkError.mjs +1 -1
  136. package/dist-browser/error/PlatformBrokerError.mjs +1 -1
  137. package/dist-browser/error/ServerError.mjs +1 -1
  138. package/dist-browser/index-browser.mjs +1 -1
  139. package/dist-browser/index.mjs +1 -1
  140. package/dist-browser/log-strings-mapping.json +11 -3
  141. package/dist-browser/logger/Logger.mjs +1 -1
  142. package/dist-browser/network/INetworkModule.mjs +1 -1
  143. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  144. package/dist-browser/network/ThrottlingUtils.mjs +1 -1
  145. package/dist-browser/packageMetadata.d.ts +1 -1
  146. package/dist-browser/packageMetadata.mjs +2 -2
  147. package/dist-browser/protocol/Authorize.d.ts.map +1 -1
  148. package/dist-browser/protocol/Authorize.mjs +4 -2
  149. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  150. package/dist-browser/protocol/Token.mjs +1 -1
  151. package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
  152. package/dist-browser/request/BaseAuthRequest.mjs +1 -1
  153. package/dist-browser/request/RequestParameterBuilder.d.ts +4 -0
  154. package/dist-browser/request/RequestParameterBuilder.d.ts.map +1 -1
  155. package/dist-browser/request/RequestParameterBuilder.mjs +9 -3
  156. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  157. package/dist-browser/request/ScopeSet.mjs +1 -1
  158. package/dist-browser/response/AuthorizeResponse.d.ts +7 -0
  159. package/dist-browser/response/AuthorizeResponse.d.ts.map +1 -1
  160. package/dist-browser/response/ResponseHandler.d.ts +9 -9
  161. package/dist-browser/response/ResponseHandler.d.ts.map +1 -1
  162. package/dist-browser/response/ResponseHandler.mjs +27 -20
  163. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  164. package/dist-browser/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  165. package/dist-browser/telemetry/performance/PerformanceClient.mjs +5 -3
  166. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
  167. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +12 -0
  168. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  169. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +2 -1
  170. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  171. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  172. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  173. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  174. package/dist-browser/url/UrlString.mjs +1 -1
  175. package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
  176. package/dist-browser/utils/Constants.mjs +1 -1
  177. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  178. package/dist-browser/utils/ProtocolUtils.mjs +1 -1
  179. package/dist-browser/utils/StringUtils.mjs +1 -1
  180. package/dist-browser/utils/TimeUtils.mjs +1 -1
  181. package/dist-browser/utils/UrlUtils.mjs +1 -1
  182. package/lib/index-browser.cjs +6 -4
  183. package/lib/index-browser.cjs.map +1 -1
  184. package/lib/{index-node-BUrdOQX5.js → index-node-5FoJ00Jc.js} +150 -126
  185. package/lib/index-node-5FoJ00Jc.js.map +1 -0
  186. package/lib/index-node.cjs +2 -2
  187. package/lib/index.cjs +2 -2
  188. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  189. package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
  190. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  191. package/lib/types/packageMetadata.d.ts +1 -1
  192. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  193. package/lib/types/request/RequestParameterBuilder.d.ts +4 -0
  194. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  195. package/lib/types/response/AuthorizeResponse.d.ts +7 -0
  196. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -1
  197. package/lib/types/response/ResponseHandler.d.ts +9 -9
  198. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  199. package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  200. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +12 -0
  201. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  202. package/package.json +1 -1
  203. package/src/cache/CacheManager.ts +12 -0
  204. package/src/constants/AADServerParamKeys.ts +1 -0
  205. package/src/packageMetadata.ts +1 -1
  206. package/src/protocol/Authorize.ts +3 -0
  207. package/src/request/RequestParameterBuilder.ts +7 -0
  208. package/src/response/AuthorizeResponse.ts +7 -0
  209. package/src/response/ResponseHandler.ts +67 -47
  210. package/src/telemetry/performance/PerformanceClient.ts +4 -2
  211. package/src/telemetry/performance/PerformanceEvent.ts +17 -0
  212. package/lib/index-node-BUrdOQX5.js.map +0 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.3.0 2026-03-13 */
1
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -2875,7 +2875,8 @@ const BROKER_REDIRECT_URI = "brk_redirect_uri";
2875
2875
  const INSTANCE_AWARE = "instance_aware";
2876
2876
  const EAR_JWK = "ear_jwk";
2877
2877
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
2878
- const RESOURCE = "resource";
2878
+ const RESOURCE = "resource";
2879
+ const CLI_DATA = "clidata";
2879
2880
 
2880
2881
  var AADServerParamKeys = /*#__PURE__*/Object.freeze({
2881
2882
  __proto__: null,
@@ -2890,6 +2891,7 @@ var AADServerParamKeys = /*#__PURE__*/Object.freeze({
2890
2891
  CLIENT_INFO: CLIENT_INFO,
2891
2892
  CLIENT_REQUEST_ID: CLIENT_REQUEST_ID,
2892
2893
  CLIENT_SECRET: CLIENT_SECRET,
2894
+ CLI_DATA: CLI_DATA,
2893
2895
  CODE: CODE,
2894
2896
  CODE_CHALLENGE: CODE_CHALLENGE,
2895
2897
  CODE_CHALLENGE_METHOD: CODE_CHALLENGE_METHOD,
@@ -3761,6 +3763,12 @@ function addGrantType(parameters, grantType) {
3761
3763
  function addClientInfo(parameters) {
3762
3764
  parameters.set(CLIENT_INFO$1, "1");
3763
3765
  }
3766
+ /**
3767
+ * add clidata=1 to request to indicate client data support
3768
+ */
3769
+ function addCliData(parameters) {
3770
+ parameters.set(CLI_DATA, "1");
3771
+ }
3764
3772
  function addInstanceAware(parameters) {
3765
3773
  if (!parameters.has(INSTANCE_AWARE)) {
3766
3774
  parameters.set(INSTANCE_AWARE, "true");
@@ -3889,6 +3897,7 @@ var RequestParameterBuilder = /*#__PURE__*/Object.freeze({
3889
3897
  addCcsOid: addCcsOid,
3890
3898
  addCcsUpn: addCcsUpn,
3891
3899
  addClaims: addClaims,
3900
+ addCliData: addCliData,
3892
3901
  addClientAssertion: addClientAssertion,
3893
3902
  addClientAssertionType: addClientAssertionType,
3894
3903
  addClientCapabilitiesToClaims: addClientCapabilitiesToClaims,
@@ -4244,7 +4253,7 @@ class Logger {
4244
4253
 
4245
4254
  /* eslint-disable header/header */
4246
4255
  const name = "@azure/msal-common";
4247
- const version = "16.3.0";
4256
+ const version = "16.4.1";
4248
4257
 
4249
4258
  /*
4250
4259
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4323,6 +4332,11 @@ class CacheManager {
4323
4332
  * Gets first tenanted AccountInfo object found based on provided filters
4324
4333
  */
4325
4334
  getAccountInfoFilteredBy(accountFilter, correlationId) {
4335
+ if (Object.keys(accountFilter).length === 0 ||
4336
+ Object.values(accountFilter).every((value) => value === null || value === undefined || value === "")) {
4337
+ this.commonLogger.warning("getAccountInfoFilteredBy: Account filter is empty or invalid, returning null", correlationId);
4338
+ return null;
4339
+ }
4326
4340
  const allAccounts = this.getAllAccounts(accountFilter, correlationId);
4327
4341
  if (allAccounts.length > 1) {
4328
4342
  // If one or more accounts are found, prioritize accounts that have an ID token
@@ -5435,6 +5449,7 @@ const IntFields = new Set([
5435
5449
  "currRefreshCount",
5436
5450
  "expiredCacheRemovedCount",
5437
5451
  "upgradedCacheCount",
5452
+ "cacheMatchedAccounts",
5438
5453
  "networkRtt",
5439
5454
  "redirectBridgeTimeoutMs",
5440
5455
  "redirectBridgeMessageVersion",
@@ -5591,15 +5606,102 @@ function isOidcProtocolMode(config) {
5591
5606
  * Licensed under the MIT License.
5592
5607
  */
5593
5608
  /**
5594
- * Error thrown when there is an error with the server code, for example, unavailability.
5609
+ * This class instance helps track the memory changes facilitating
5610
+ * decisions to read from and write to the persistent cache
5611
+ */ class TokenCacheContext {
5612
+ constructor(tokenCache, hasChanged) {
5613
+ this.cache = tokenCache;
5614
+ this.hasChanged = hasChanged;
5615
+ }
5616
+ /**
5617
+ * boolean which indicates the changes in cache
5618
+ */
5619
+ get cacheHasChanged() {
5620
+ return this.hasChanged;
5621
+ }
5622
+ /**
5623
+ * function to retrieve the token cache
5624
+ */
5625
+ get tokenCache() {
5626
+ return this.cache;
5627
+ }
5628
+ }
5629
+
5630
+ /*
5631
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5632
+ * Licensed under the MIT License.
5595
5633
  */
5596
- class ServerError extends AuthError {
5597
- constructor(errorCode, errorMessage, subError, errorNo, status) {
5598
- super(errorCode, errorMessage, subError);
5599
- this.name = "ServerError";
5600
- this.errorNo = errorNo;
5601
- this.status = status;
5602
- Object.setPrototypeOf(this, ServerError.prototype);
5634
+ const KeyLocation = {
5635
+ SW: "sw"};
5636
+ /** @internal */
5637
+ class PopTokenGenerator {
5638
+ constructor(cryptoUtils, performanceClient) {
5639
+ this.cryptoUtils = cryptoUtils;
5640
+ this.performanceClient = performanceClient;
5641
+ }
5642
+ /**
5643
+ * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
5644
+ * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
5645
+ * @param request
5646
+ * @returns
5647
+ */
5648
+ async generateCnf(request, logger) {
5649
+ const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
5650
+ const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
5651
+ return {
5652
+ kid: reqCnf.kid,
5653
+ reqCnfString,
5654
+ };
5655
+ }
5656
+ /**
5657
+ * Generates key_id for a SHR token request
5658
+ * @param request
5659
+ * @returns
5660
+ */
5661
+ async generateKid(request) {
5662
+ const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
5663
+ return {
5664
+ kid: kidThumbprint,
5665
+ xms_ksl: KeyLocation.SW,
5666
+ };
5667
+ }
5668
+ /**
5669
+ * Signs the POP access_token with the local generated key-pair
5670
+ * @param accessToken
5671
+ * @param request
5672
+ * @returns
5673
+ */
5674
+ async signPopToken(accessToken, keyId, request) {
5675
+ return this.signPayload(accessToken, keyId, request);
5676
+ }
5677
+ /**
5678
+ * Utility function to generate the signed JWT for an access_token
5679
+ * @param payload
5680
+ * @param kid
5681
+ * @param request
5682
+ * @param claims
5683
+ * @returns
5684
+ */
5685
+ async signPayload(payload, keyId, request, claims) {
5686
+ // Deconstruct request to extract SHR parameters
5687
+ const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
5688
+ const resourceUrlString = resourceRequestUri
5689
+ ? new UrlString(resourceRequestUri)
5690
+ : undefined;
5691
+ const resourceUrlComponents = resourceUrlString?.getUrlComponents();
5692
+ return this.cryptoUtils.signJwt({
5693
+ at: payload,
5694
+ ts: nowSeconds(),
5695
+ m: resourceRequestMethod?.toUpperCase(),
5696
+ u: resourceUrlComponents?.HostNameAndPort,
5697
+ nonce: shrNonce || this.cryptoUtils.createNewGuid(),
5698
+ p: resourceUrlComponents?.AbsolutePath,
5699
+ q: resourceUrlComponents?.QueryString
5700
+ ? [[], resourceUrlComponents.QueryString]
5701
+ : undefined,
5702
+ client_claims: shrClaims || undefined,
5703
+ ...claims,
5704
+ }, keyId, shrOptions, request.correlationId);
5603
5705
  }
5604
5706
  }
5605
5707
 
@@ -5732,6 +5834,23 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
5732
5834
  return new InteractionRequiredAuthError(errorCode, errorMessage);
5733
5835
  }
5734
5836
 
5837
+ /*
5838
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5839
+ * Licensed under the MIT License.
5840
+ */
5841
+ /**
5842
+ * Error thrown when there is an error with the server code, for example, unavailability.
5843
+ */
5844
+ class ServerError extends AuthError {
5845
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
5846
+ super(errorCode, errorMessage, subError);
5847
+ this.name = "ServerError";
5848
+ this.errorNo = errorNo;
5849
+ this.status = status;
5850
+ Object.setPrototypeOf(this, ServerError.prototype);
5851
+ }
5852
+ }
5853
+
5735
5854
  /*
5736
5855
  * Copyright (c) Microsoft Corporation. All rights reserved.
5737
5856
  * Licensed under the MIT License.
@@ -5805,110 +5924,6 @@ var ProtocolUtils = /*#__PURE__*/Object.freeze({
5805
5924
  setRequestState: setRequestState
5806
5925
  });
5807
5926
 
5808
- /*
5809
- * Copyright (c) Microsoft Corporation. All rights reserved.
5810
- * Licensed under the MIT License.
5811
- */
5812
- const KeyLocation = {
5813
- SW: "sw"};
5814
- /** @internal */
5815
- class PopTokenGenerator {
5816
- constructor(cryptoUtils, performanceClient) {
5817
- this.cryptoUtils = cryptoUtils;
5818
- this.performanceClient = performanceClient;
5819
- }
5820
- /**
5821
- * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
5822
- * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
5823
- * @param request
5824
- * @returns
5825
- */
5826
- async generateCnf(request, logger) {
5827
- const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
5828
- const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
5829
- return {
5830
- kid: reqCnf.kid,
5831
- reqCnfString,
5832
- };
5833
- }
5834
- /**
5835
- * Generates key_id for a SHR token request
5836
- * @param request
5837
- * @returns
5838
- */
5839
- async generateKid(request) {
5840
- const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
5841
- return {
5842
- kid: kidThumbprint,
5843
- xms_ksl: KeyLocation.SW,
5844
- };
5845
- }
5846
- /**
5847
- * Signs the POP access_token with the local generated key-pair
5848
- * @param accessToken
5849
- * @param request
5850
- * @returns
5851
- */
5852
- async signPopToken(accessToken, keyId, request) {
5853
- return this.signPayload(accessToken, keyId, request);
5854
- }
5855
- /**
5856
- * Utility function to generate the signed JWT for an access_token
5857
- * @param payload
5858
- * @param kid
5859
- * @param request
5860
- * @param claims
5861
- * @returns
5862
- */
5863
- async signPayload(payload, keyId, request, claims) {
5864
- // Deconstruct request to extract SHR parameters
5865
- const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
5866
- const resourceUrlString = resourceRequestUri
5867
- ? new UrlString(resourceRequestUri)
5868
- : undefined;
5869
- const resourceUrlComponents = resourceUrlString?.getUrlComponents();
5870
- return this.cryptoUtils.signJwt({
5871
- at: payload,
5872
- ts: nowSeconds(),
5873
- m: resourceRequestMethod?.toUpperCase(),
5874
- u: resourceUrlComponents?.HostNameAndPort,
5875
- nonce: shrNonce || this.cryptoUtils.createNewGuid(),
5876
- p: resourceUrlComponents?.AbsolutePath,
5877
- q: resourceUrlComponents?.QueryString
5878
- ? [[], resourceUrlComponents.QueryString]
5879
- : undefined,
5880
- client_claims: shrClaims || undefined,
5881
- ...claims,
5882
- }, keyId, shrOptions, request.correlationId);
5883
- }
5884
- }
5885
-
5886
- /*
5887
- * Copyright (c) Microsoft Corporation. All rights reserved.
5888
- * Licensed under the MIT License.
5889
- */
5890
- /**
5891
- * This class instance helps track the memory changes facilitating
5892
- * decisions to read from and write to the persistent cache
5893
- */ class TokenCacheContext {
5894
- constructor(tokenCache, hasChanged) {
5895
- this.cache = tokenCache;
5896
- this.hasChanged = hasChanged;
5897
- }
5898
- /**
5899
- * boolean which indicates the changes in cache
5900
- */
5901
- get cacheHasChanged() {
5902
- return this.hasChanged;
5903
- }
5904
- /**
5905
- * function to retrieve the token cache
5906
- */
5907
- get tokenCache() {
5908
- return this.cache;
5909
- }
5910
- }
5911
-
5912
5927
  /*
5913
5928
  * Copyright (c) Microsoft Corporation. All rights reserved.
5914
5929
  * Licensed under the MIT License.
@@ -6063,7 +6078,7 @@ class ResponseHandler {
6063
6078
  if (serverTokenResponse.id_token && !!idTokenClaims) {
6064
6079
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
6065
6080
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
6066
- this.logger);
6081
+ this.logger, this.performanceClient);
6067
6082
  }
6068
6083
  // AccessToken
6069
6084
  let cachedAccessToken = null;
@@ -6214,17 +6229,24 @@ class ResponseHandler {
6214
6229
  };
6215
6230
  }
6216
6231
  }
6217
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
6232
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
6218
6233
  logger?.verbose("setCachedAccount called", correlationId);
6219
- // Check if base account is already cached
6220
- const accountKeys = cacheStorage.getAccountKeys();
6221
- const baseAccountKey = accountKeys.find((accountKey) => {
6222
- return accountKey.startsWith(homeAccountId);
6223
- });
6224
- let cachedAccount = null;
6225
- if (baseAccountKey) {
6226
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
6234
+ /*
6235
+ * Check if base account is already cached. Filter by homeAccountId (identifies
6236
+ * the user's home identity) and environment (identifies the cloud) the two
6237
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
6238
+ */
6239
+ const accountEnvironment = environment || authority.getPreferredCache();
6240
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
6241
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
6242
+ if (matchedAccounts.length > 1) {
6243
+ /*
6244
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
6245
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
6246
+ */
6247
+ logger?.warning("Multiple base accounts matched homeAccountId. Ignoring cached account and creating a new base account.", correlationId);
6227
6248
  }
6249
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
6228
6250
  const baseAccount = cachedAccount ||
6229
6251
  createAccountEntity({
6230
6252
  homeAccountId,
@@ -7172,6 +7194,8 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
7172
7194
  addResponseMode(parameters, request.responseMode);
7173
7195
  // add client_info=1
7174
7196
  addClientInfo(parameters);
7197
+ // add clidata=1
7198
+ addCliData(parameters);
7175
7199
  if (request.prompt) {
7176
7200
  addPrompt(parameters, request.prompt);
7177
7201
  performanceClient?.addFields({ prompt: request.prompt }, correlationId);
@@ -7839,4 +7863,4 @@ exports.invokeAsync = invokeAsync;
7839
7863
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
7840
7864
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
7841
7865
  exports.version = version;
7842
- //# sourceMappingURL=index-node-BUrdOQX5.js.map
7866
+ //# sourceMappingURL=index-node-5FoJ00Jc.js.map