@azure/msal-common 16.6.0 → 16.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (162) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +140 -5
  7. package/dist/authority/Authority.mjs.map +1 -1
  8. package/dist/authority/AuthorityFactory.mjs +1 -1
  9. package/dist/authority/AuthorityMetadata.mjs +10 -1
  10. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  11. package/dist/authority/AuthorityOptions.mjs +1 -1
  12. package/dist/authority/AuthorityType.mjs +1 -1
  13. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  14. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  15. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  16. package/dist/authority/ProtocolMode.mjs +1 -1
  17. package/dist/authority/RegionDiscovery.mjs +1 -1
  18. package/dist/cache/CacheManager.mjs +1 -1
  19. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  20. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  21. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  23. package/dist/client/RefreshTokenClient.mjs +1 -1
  24. package/dist/client/SilentFlowClient.mjs +1 -1
  25. package/dist/config/ClientConfiguration.mjs +1 -1
  26. package/dist/constants/AADServerParamKeys.mjs +1 -1
  27. package/dist/crypto/ICrypto.mjs +1 -1
  28. package/dist/crypto/JoseHeader.mjs +1 -1
  29. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  30. package/dist/error/AuthError.mjs +1 -1
  31. package/dist/error/AuthErrorCodes.mjs +1 -1
  32. package/dist/error/CacheError.mjs +1 -1
  33. package/dist/error/CacheErrorCodes.mjs +1 -1
  34. package/dist/error/ClientAuthError.mjs +1 -1
  35. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  36. package/dist/error/ClientConfigurationError.mjs +1 -1
  37. package/dist/error/ClientConfigurationErrorCodes.mjs +4 -3
  38. package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  39. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  40. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  41. package/dist/error/JoseHeaderError.mjs +1 -1
  42. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  43. package/dist/error/NetworkError.mjs +1 -1
  44. package/dist/error/PlatformBrokerError.mjs +1 -1
  45. package/dist/error/ServerError.mjs +1 -1
  46. package/dist/index-node.mjs +1 -1
  47. package/dist/index.mjs +1 -1
  48. package/dist/logger/Logger.mjs +1 -1
  49. package/dist/network/INetworkModule.mjs +1 -1
  50. package/dist/network/RequestThumbprint.mjs +1 -1
  51. package/dist/network/ThrottlingUtils.mjs +1 -1
  52. package/dist/packageMetadata.mjs +2 -2
  53. package/dist/protocol/Authorize.mjs +1 -1
  54. package/dist/protocol/Token.mjs +1 -1
  55. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  56. package/dist/request/BaseAuthRequest.mjs +1 -1
  57. package/dist/request/RequestParameterBuilder.mjs +1 -1
  58. package/dist/request/ScopeSet.mjs +1 -1
  59. package/dist/response/ResponseHandler.mjs +1 -1
  60. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  61. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  62. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  63. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  64. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  65. package/dist/url/UrlString.mjs +1 -1
  66. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  67. package/dist/utils/Constants.mjs +1 -1
  68. package/dist/utils/FunctionWrappers.mjs +1 -1
  69. package/dist/utils/ProtocolUtils.mjs +1 -1
  70. package/dist/utils/StringUtils.mjs +1 -1
  71. package/dist/utils/TimeUtils.mjs +1 -1
  72. package/dist/utils/UrlUtils.mjs +1 -1
  73. package/dist-browser/account/AccountInfo.mjs +1 -1
  74. package/dist-browser/account/AuthToken.mjs +1 -1
  75. package/dist-browser/account/CcsCredential.mjs +1 -1
  76. package/dist-browser/account/ClientInfo.mjs +1 -1
  77. package/dist-browser/account/TokenClaims.mjs +1 -1
  78. package/dist-browser/authority/Authority.mjs +140 -5
  79. package/dist-browser/authority/Authority.mjs.map +1 -1
  80. package/dist-browser/authority/AuthorityFactory.mjs +1 -1
  81. package/dist-browser/authority/AuthorityMetadata.mjs +10 -1
  82. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
  83. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  84. package/dist-browser/authority/AuthorityType.mjs +1 -1
  85. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  86. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  87. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  88. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  89. package/dist-browser/authority/RegionDiscovery.mjs +1 -1
  90. package/dist-browser/cache/CacheManager.mjs +1 -1
  91. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  92. package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
  93. package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
  94. package/dist-browser/client/AuthorizationCodeClient.mjs +1 -1
  95. package/dist-browser/client/RefreshTokenClient.mjs +1 -1
  96. package/dist-browser/client/SilentFlowClient.mjs +1 -1
  97. package/dist-browser/config/ClientConfiguration.mjs +1 -1
  98. package/dist-browser/constants/AADServerParamKeys.mjs +1 -1
  99. package/dist-browser/crypto/ICrypto.mjs +1 -1
  100. package/dist-browser/crypto/JoseHeader.mjs +1 -1
  101. package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
  102. package/dist-browser/error/AuthError.mjs +1 -1
  103. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  104. package/dist-browser/error/CacheError.mjs +1 -1
  105. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  106. package/dist-browser/error/ClientAuthError.mjs +1 -1
  107. package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
  108. package/dist-browser/error/ClientConfigurationError.mjs +1 -1
  109. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +4 -3
  110. package/dist-browser/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  111. package/dist-browser/error/InteractionRequiredAuthError.mjs +1 -1
  112. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  113. package/dist-browser/error/JoseHeaderError.mjs +1 -1
  114. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  115. package/dist-browser/error/NetworkError.mjs +1 -1
  116. package/dist-browser/error/PlatformBrokerError.mjs +1 -1
  117. package/dist-browser/error/ServerError.mjs +1 -1
  118. package/dist-browser/index-browser.mjs +1 -1
  119. package/dist-browser/index.mjs +1 -1
  120. package/dist-browser/log-strings-mapping.json +4 -4
  121. package/dist-browser/logger/Logger.mjs +1 -1
  122. package/dist-browser/network/INetworkModule.mjs +1 -1
  123. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  124. package/dist-browser/network/ThrottlingUtils.mjs +1 -1
  125. package/dist-browser/packageMetadata.mjs +2 -2
  126. package/dist-browser/protocol/Authorize.mjs +1 -1
  127. package/dist-browser/protocol/Token.mjs +1 -1
  128. package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
  129. package/dist-browser/request/BaseAuthRequest.mjs +1 -1
  130. package/dist-browser/request/RequestParameterBuilder.mjs +1 -1
  131. package/dist-browser/request/ScopeSet.mjs +1 -1
  132. package/dist-browser/response/ResponseHandler.mjs +1 -1
  133. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  134. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  135. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  136. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  137. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  138. package/dist-browser/url/UrlString.mjs +1 -1
  139. package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
  140. package/dist-browser/utils/Constants.mjs +1 -1
  141. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  142. package/dist-browser/utils/ProtocolUtils.mjs +1 -1
  143. package/dist-browser/utils/StringUtils.mjs +1 -1
  144. package/dist-browser/utils/TimeUtils.mjs +1 -1
  145. package/dist-browser/utils/UrlUtils.mjs +1 -1
  146. package/lib/index-browser.cjs +2 -2
  147. package/lib/{index-node-BtcbvYTx.js → index-node-Cr_rbZzO.js} +152 -6
  148. package/lib/index-node-Cr_rbZzO.js.map +1 -0
  149. package/lib/index-node.cjs +2 -2
  150. package/lib/index.cjs +2 -2
  151. package/package.json +1 -1
  152. package/src/authority/Authority.ts +189 -2
  153. package/src/authority/AuthorityMetadata.ts +9 -0
  154. package/src/error/ClientConfigurationErrorCodes.ts +1 -0
  155. package/src/packageMetadata.ts +1 -1
  156. package/types/authority/Authority.d.ts +47 -1
  157. package/types/authority/Authority.d.ts.map +1 -1
  158. package/types/authority/AuthorityMetadata.d.ts.map +1 -1
  159. package/types/error/ClientConfigurationErrorCodes.d.ts +1 -0
  160. package/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
  161. package/types/packageMetadata.d.ts +1 -1
  162. package/lib/index-node-BtcbvYTx.js.map +0 -1
@@ -427,7 +427,7 @@ export class Authority {
427
427
  }
428
428
 
429
429
  /**
430
- * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
430
+ * Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
431
431
  * from the configured canonical authority
432
432
  * @returns
433
433
  */
@@ -547,6 +547,9 @@ export class Authority {
547
547
  this.correlationId
548
548
  )();
549
549
  if (metadata) {
550
+ // Validate the issuer returned by the OIDC discovery document.
551
+ this.validateIssuer(metadata.issuer);
552
+
550
553
  // If the user prefers to use an azure region replace the global endpoints with regional information.
551
554
  if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
552
555
  metadata = await invokeAsync(
@@ -839,7 +842,7 @@ export class Authority {
839
842
  metadataEntity: AuthorityMetadataEntity
840
843
  ): Constants.AuthorityMetadataSource | null {
841
844
  this.logger.verbose(
842
- "Attempting to get cloud discovery metadata from authority configuration",
845
+ "Attempting to get cloud discovery metadata from authority configuration",
843
846
  this.correlationId
844
847
  );
845
848
  this.logger.verbosePii(
@@ -1195,6 +1198,190 @@ export class Authority {
1195
1198
  return InstanceDiscoveryMetadataAliases.has(host);
1196
1199
  }
1197
1200
 
1201
+ /**
1202
+ * Validates the `issuer` returned by an OIDC discovery document against
1203
+ * this authority, per
1204
+ * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
1205
+ *
1206
+ * The issuer is accepted when ANY of the following holds:
1207
+ * 1. The issuer scheme + host + port match the authority's (path may
1208
+ * differ). Applies to all authorities.
1209
+ * 2. The authority is a Microsoft cloud authority (public, sovereign,
1210
+ * or CIAM), the issuer is HTTPS, and the issuer host is in the known
1211
+ * Microsoft authority host set.
1212
+ * 3. Same as (2), but the issuer host is a single-label regional variant
1213
+ * of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
1214
+ * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
1215
+ * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
1216
+ * path.
1217
+ *
1218
+ * @param issuer The `issuer` value returned in the OIDC discovery document.
1219
+ * @throws ClientConfigurationError("issuer_validation_failed") on failure.
1220
+ */
1221
+ private validateIssuer(issuer: string): void {
1222
+ if (!issuer) {
1223
+ throw createClientConfigurationError(
1224
+ ClientConfigurationErrorCodes.issuerValidationFailed
1225
+ );
1226
+ }
1227
+
1228
+ // Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
1229
+ let issuerUrl: URL;
1230
+ try {
1231
+ issuerUrl = new URL(issuer);
1232
+ } catch {
1233
+ throw createClientConfigurationError(
1234
+ ClientConfigurationErrorCodes.issuerValidationFailed
1235
+ );
1236
+ }
1237
+ const issuerScheme = issuerUrl.protocol;
1238
+ const issuerHost = issuerUrl.host;
1239
+ const authorityScheme = (
1240
+ this.canonicalAuthorityUrlComponents.Protocol || ""
1241
+ ).toLowerCase();
1242
+ const authorityHost = (
1243
+ this.canonicalAuthorityUrlComponents.HostNameAndPort || ""
1244
+ ).toLowerCase();
1245
+
1246
+ // Rule 1: Same scheme and host
1247
+ const matchesAuthorityOrigin = this.matchesAuthorityOrigin(
1248
+ issuerScheme,
1249
+ issuerHost,
1250
+ authorityScheme,
1251
+ authorityHost
1252
+ );
1253
+
1254
+ // Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
1255
+ const matchesKnownMicrosoftHost =
1256
+ issuerScheme === "https:" &&
1257
+ this.isAliasOfKnownMicrosoftAuthority(issuerHost);
1258
+
1259
+ /*
1260
+ * Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
1261
+ * (HTTPS only). E.g. westus2.login.microsoft.com
1262
+ */
1263
+ const matchesRegionalMicrosoftHost =
1264
+ issuerScheme === "https:" &&
1265
+ this.matchesRegionalMicrosoftHost(issuerHost);
1266
+
1267
+ /*
1268
+ * Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
1269
+ * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
1270
+ */
1271
+ const matchesCiamTenantPattern = this.matchesCiamTenantPattern(
1272
+ issuerUrl,
1273
+ authorityHost,
1274
+ this.canonicalAuthorityUrlComponents.PathSegments
1275
+ );
1276
+
1277
+ // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
1278
+ if (
1279
+ matchesAuthorityOrigin ||
1280
+ matchesKnownMicrosoftHost ||
1281
+ matchesRegionalMicrosoftHost ||
1282
+ matchesCiamTenantPattern
1283
+ ) {
1284
+ return;
1285
+ }
1286
+
1287
+ // issuer validation fails if none of the above rules are satisfied
1288
+ throw createClientConfigurationError(
1289
+ ClientConfigurationErrorCodes.issuerValidationFailed
1290
+ );
1291
+ }
1292
+
1293
+ /**
1294
+ * Rule 1: The issuer scheme + host (and port) match the authority's. Path
1295
+ * may differ. Applies to all authorities.
1296
+ */
1297
+ private matchesAuthorityOrigin(
1298
+ issuerScheme: string,
1299
+ issuerHost: string,
1300
+ authorityScheme: string,
1301
+ authorityHost: string
1302
+ ): boolean {
1303
+ return issuerScheme === authorityScheme && issuerHost === authorityHost;
1304
+ }
1305
+
1306
+ /**
1307
+ * Rule 3: The issuer host is a regional variant
1308
+ * (`{region}.{host}`) of a known Microsoft authority host.
1309
+ * E.g. `westus2.login.microsoft.com`.
1310
+ */
1311
+ private matchesRegionalMicrosoftHost(issuerHost: string): boolean {
1312
+ const firstDot = issuerHost.indexOf(".");
1313
+ if (firstDot > 0 && firstDot < issuerHost.length - 1) {
1314
+ const hostWithoutRegion = issuerHost.substring(firstDot + 1);
1315
+ return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
1316
+ }
1317
+ return false;
1318
+ }
1319
+
1320
+ /**
1321
+ * Rule 4: The issuer matches one of the well-known CIAM tenant patterns
1322
+ * (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
1323
+ *
1324
+ * The bare tenant name is extracted from the authority's first path segment
1325
+ * when available (stripping the `.onmicrosoft.com` suffix that
1326
+ * `transformCIAMAuthority` adds), or otherwise from the leftmost label of
1327
+ * the authority host (to support CIAM custom domain scenarios).
1328
+ *
1329
+ * Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
1330
+ * because the OIDC issuer may use either form depending on the authority URL
1331
+ * that was used to trigger discovery.
1332
+ */
1333
+ private matchesCiamTenantPattern(
1334
+ issuerUrl: URL,
1335
+ authorityHost: string,
1336
+ authorityPathSegments: string[]
1337
+ ): boolean {
1338
+ /*
1339
+ * authorityPathSegments[0] is the first path segment of the *authority
1340
+ * URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
1341
+ * Additional CIAM issuer path segments such as "/v2.0" are part of the
1342
+ * issuer string, not the authority URL's PathSegments.
1343
+ */
1344
+ const pathSegment = authorityPathSegments[0];
1345
+
1346
+ /*
1347
+ * Extract the bare tenant name: strip the .onmicrosoft.com suffix when
1348
+ * present (introduced by transformCIAMAuthority), or fall back to the
1349
+ * first label of the authority hostname for non-transformed/custom-domain
1350
+ * CIAM authorities.
1351
+ */
1352
+ const tenantName = pathSegment
1353
+ ? pathSegment.endsWith(Constants.AAD_TENANT_DOMAIN_SUFFIX)
1354
+ ? pathSegment.slice(
1355
+ 0,
1356
+ -Constants.AAD_TENANT_DOMAIN_SUFFIX.length
1357
+ )
1358
+ : pathSegment
1359
+ : authorityHost.split(".")[0];
1360
+
1361
+ if (!tenantName) {
1362
+ return false;
1363
+ }
1364
+
1365
+ const ciamBaseURL = `https://${tenantName}${Constants.CIAM_AUTH_URL}`;
1366
+ const validCiamPatterns: string[] = [
1367
+ ciamBaseURL, // https://{tenant}.ciamlogin.com
1368
+ `${ciamBaseURL}/${tenantName}`, // https://{tenant}.ciamlogin.com/{tenant}
1369
+ `${ciamBaseURL}/${tenantName}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}/v2.0
1370
+ `${ciamBaseURL}/${tenantName}${Constants.AAD_TENANT_DOMAIN_SUFFIX}`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com
1371
+ `${ciamBaseURL}/${tenantName}${Constants.AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
1372
+ ];
1373
+
1374
+ /*
1375
+ * Compose the canonical issuer string from URL components and strip any
1376
+ * trailing slashes from the path so it can be compared to the pattern set.
1377
+ */
1378
+ const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
1379
+ const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
1380
+ return validCiamPatterns.some(
1381
+ (pattern) => pattern === normalizedIssuer
1382
+ );
1383
+ }
1384
+
1198
1385
  /**
1199
1386
  * Checks whether the provided host is that of a public cloud authority
1200
1387
  *
@@ -105,6 +105,15 @@ export const rawMetdataJSON: RawMetadata = {
105
105
  preferred_cache: "login.sovcloud-identity.sg",
106
106
  aliases: ["login.sovcloud-identity.sg"],
107
107
  },
108
+ {
109
+ preferred_network: "login.windows-ppe.net",
110
+ preferred_cache: "login.windows-ppe.net",
111
+ aliases: [
112
+ "login.windows-ppe.net",
113
+ "sts.windows-ppe.net",
114
+ "login.microsoft-ppe.com",
115
+ ],
116
+ },
108
117
  ],
109
118
  },
110
119
  };
@@ -26,3 +26,4 @@ export const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
26
26
  export const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
27
27
  export const authorityMismatch = "authority_mismatch";
28
28
  export const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
29
+ export const issuerValidationFailed = "issuer_validation_failed";
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-common";
3
- export const version = "16.6.0";
3
+ export const version = "16.6.1";
@@ -116,7 +116,7 @@ export declare class Authority {
116
116
  */
117
117
  resolveEndpointsAsync(): Promise<void>;
118
118
  /**
119
- * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
119
+ * Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
120
120
  * from the configured canonical authority
121
121
  * @returns
122
122
  */
@@ -214,6 +214,52 @@ export declare class Authority {
214
214
  * @param host
215
215
  */
216
216
  isAliasOfKnownMicrosoftAuthority(host: string): boolean;
217
+ /**
218
+ * Validates the `issuer` returned by an OIDC discovery document against
219
+ * this authority, per
220
+ * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
221
+ *
222
+ * The issuer is accepted when ANY of the following holds:
223
+ * 1. The issuer scheme + host + port match the authority's (path may
224
+ * differ). Applies to all authorities.
225
+ * 2. The authority is a Microsoft cloud authority (public, sovereign,
226
+ * or CIAM), the issuer is HTTPS, and the issuer host is in the known
227
+ * Microsoft authority host set.
228
+ * 3. Same as (2), but the issuer host is a single-label regional variant
229
+ * of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
230
+ * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
231
+ * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
232
+ * path.
233
+ *
234
+ * @param issuer The `issuer` value returned in the OIDC discovery document.
235
+ * @throws ClientConfigurationError("issuer_validation_failed") on failure.
236
+ */
237
+ private validateIssuer;
238
+ /**
239
+ * Rule 1: The issuer scheme + host (and port) match the authority's. Path
240
+ * may differ. Applies to all authorities.
241
+ */
242
+ private matchesAuthorityOrigin;
243
+ /**
244
+ * Rule 3: The issuer host is a regional variant
245
+ * (`{region}.{host}`) of a known Microsoft authority host.
246
+ * E.g. `westus2.login.microsoft.com`.
247
+ */
248
+ private matchesRegionalMicrosoftHost;
249
+ /**
250
+ * Rule 4: The issuer matches one of the well-known CIAM tenant patterns
251
+ * (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
252
+ *
253
+ * The bare tenant name is extracted from the authority's first path segment
254
+ * when available (stripping the `.onmicrosoft.com` suffix that
255
+ * `transformCIAMAuthority` adds), or otherwise from the leftmost label of
256
+ * the authority host (to support CIAM custom domain scenarios).
257
+ *
258
+ * Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
259
+ * because the OIDC issuer may use either form depending on the authority URL
260
+ * that was used to trigger discovery.
261
+ */
262
+ private matchesCiamTenantPattern;
217
263
  /**
218
264
  * Checks whether the provided host is that of a public cloud authority
219
265
  *
@@ -1 +1 @@
1
- {"version":3,"file":"Authority.d.ts","sourceRoot":"","sources":["../../src/authority/Authority.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAEH,oBAAoB,EACvB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAKtC,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAY9D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AAEpE,OAAO,EACH,gBAAgB,EAEhB,sBAAsB,EACzB,MAAM,uBAAuB,CAAC;AAS/B,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAKpF;;;;GAIG;AACH,qBAAa,SAAS;IAElB,OAAO,CAAC,mBAAmB,CAAY;IAEvC,OAAO,CAAC,gCAAgC,CAAc;IAEtD,SAAS,CAAC,gBAAgB,EAAE,cAAc,CAAC;IAE3C,SAAS,CAAC,YAAY,EAAE,aAAa,CAAC;IAEtC,OAAO,CAAC,gBAAgB,CAAmB;IAE3C,OAAO,CAAC,QAAQ,CAA0B;IAE1C,OAAO,CAAC,eAAe,CAAkB;IAElC,uBAAuB,EAAE,uBAAuB,CAAC;IAExD,OAAO,CAAC,MAAM,CAAS;IAEvB,SAAS,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;IAEhD,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC;IAEhC,OAAO,CAAC,eAAe,CAAU;IAEjC,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAMjC;gBAGC,SAAS,EAAE,MAAM,EACjB,gBAAgB,EAAE,cAAc,EAChC,YAAY,EAAE,aAAa,EAC3B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,EACrB,iBAAiB,EAAE,kBAAkB,EACrC,eAAe,CAAC,EAAE,OAAO;IAwB7B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAqBxB,IAAW,aAAa,IAAI,aAAa,CAExC;IAED;;OAEG;IACH,IAAW,YAAY,IAAI,YAAY,CAEtC;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,gBAAgB,CAErC;IAED;;OAEG;IACH,IAAW,kBAAkB,IAAI,MAAM,CAEtC;IAED;;OAEG;IACH,IAAW,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAIxC;IAED;;OAEG;IACH,IAAW,+BAA+B,IAAI,IAAI,CAOjD;IAED;;OAEG;IACH,IAAW,eAAe,IAAI,MAAM,CAEnC;IAED;;OAEG;IACH,IAAW,MAAM,IAAI,MAAM,CAE1B;IAED;;OAEG;IACH,IAAW,qBAAqB,IAAI,MAAM,CAQzC;IAED;;OAEG;IACH,IAAW,aAAa,IAAI,MAAM,CAQjC;IAED,IAAW,kBAAkB,IAAI,MAAM,CAUtC;IAED;;OAEG;IACH,IAAW,kBAAkB,IAAI,MAAM,CActC;IAED;;OAEG;IACH,IAAW,qBAAqB,IAAI,MAAM,CAQzC;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,MAAM,CAQ3B;IAED;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAWxB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAIrB;;;OAGG;IACH,OAAO,CAAC,WAAW;IA4CnB;;OAEG;IACH,SAAS,KAAK,kCAAkC,IAAI,MAAM,CAWzD;IAED;;OAEG;IACH,iBAAiB,IAAI,OAAO;IAI5B;;;OAGG;IACU,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCnD;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;IA0BhC;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;IA+B5B;;;OAGG;YACW,sBAAsB;IA0EpC;;;;;OAKG;IACH,OAAO,CAAC,sCAAsC;IAmE9C;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAc3B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAgBrC;;;;OAIG;YACW,8BAA8B;IAwC5C;;OAEG;IACH,OAAO,CAAC,sCAAsC;IAQ9C;;;OAGG;YACW,qCAAqC;IAmDnD;;;;;OAKG;YACW,4BAA4B;IAiC1C,OAAO,CAAC,4CAA4C;IAwFpD;;OAEG;IACH,OAAO,CAAC,mCAAmC;IAoE3C;;;;OAIG;YACW,oCAAoC;IA6GlD;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,CACpB,eAAe,EAAE,MAAM,EACvB,iBAAiB,CAAC,EAAE,iBAAiB,GACtC,MAAM;IAkBT;;;OAGG;IACH,MAAM,CAAC,oCAAoC,CACvC,IAAI,EAAE,MAAM,GACb,sBAAsB;IAQzB;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAY3B;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B;;;OAGG;IACH,gCAAgC,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIvD;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIpD;;;;;OAKG;IACH,MAAM,CAAC,4BAA4B,CAC/B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,WAAW,CAAC,EAAE,MAAM,GACrB,MAAM;IAyBT;;;;;OAKG;IACH,MAAM,CAAC,8BAA8B,CACjC,QAAQ,EAAE,oBAAoB,EAC9B,WAAW,EAAE,MAAM,GACpB,oBAAoB;IAyBvB;;;;;;;;OAQG;IACH,MAAM,CAAC,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAmB3D;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CACxC,SAAS,EAAE,MAAM,GAClB,MAAM,GAAG,SAAS,CAsBpB;AAED,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAI/D;AAED,wBAAgB,2BAA2B,CACvC,WAAW,EAAE,OAAO,CAAC,gBAAgB,CAAC,GACvC,sBAAsB,CAoBxB"}
1
+ {"version":3,"file":"Authority.d.ts","sourceRoot":"","sources":["../../src/authority/Authority.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAEH,oBAAoB,EACvB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAKtC,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAY9D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AAEpE,OAAO,EACH,gBAAgB,EAEhB,sBAAsB,EACzB,MAAM,uBAAuB,CAAC;AAS/B,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAKpF;;;;GAIG;AACH,qBAAa,SAAS;IAElB,OAAO,CAAC,mBAAmB,CAAY;IAEvC,OAAO,CAAC,gCAAgC,CAAc;IAEtD,SAAS,CAAC,gBAAgB,EAAE,cAAc,CAAC;IAE3C,SAAS,CAAC,YAAY,EAAE,aAAa,CAAC;IAEtC,OAAO,CAAC,gBAAgB,CAAmB;IAE3C,OAAO,CAAC,QAAQ,CAA0B;IAE1C,OAAO,CAAC,eAAe,CAAkB;IAElC,uBAAuB,EAAE,uBAAuB,CAAC;IAExD,OAAO,CAAC,MAAM,CAAS;IAEvB,SAAS,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;IAEhD,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC;IAEhC,OAAO,CAAC,eAAe,CAAU;IAEjC,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAMjC;gBAGC,SAAS,EAAE,MAAM,EACjB,gBAAgB,EAAE,cAAc,EAChC,YAAY,EAAE,aAAa,EAC3B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,EACrB,iBAAiB,EAAE,kBAAkB,EACrC,eAAe,CAAC,EAAE,OAAO;IAwB7B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAqBxB,IAAW,aAAa,IAAI,aAAa,CAExC;IAED;;OAEG;IACH,IAAW,YAAY,IAAI,YAAY,CAEtC;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,gBAAgB,CAErC;IAED;;OAEG;IACH,IAAW,kBAAkB,IAAI,MAAM,CAEtC;IAED;;OAEG;IACH,IAAW,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAIxC;IAED;;OAEG;IACH,IAAW,+BAA+B,IAAI,IAAI,CAOjD;IAED;;OAEG;IACH,IAAW,eAAe,IAAI,MAAM,CAEnC;IAED;;OAEG;IACH,IAAW,MAAM,IAAI,MAAM,CAE1B;IAED;;OAEG;IACH,IAAW,qBAAqB,IAAI,MAAM,CAQzC;IAED;;OAEG;IACH,IAAW,aAAa,IAAI,MAAM,CAQjC;IAED,IAAW,kBAAkB,IAAI,MAAM,CAUtC;IAED;;OAEG;IACH,IAAW,kBAAkB,IAAI,MAAM,CActC;IAED;;OAEG;IACH,IAAW,qBAAqB,IAAI,MAAM,CAQzC;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,MAAM,CAQ3B;IAED;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAWxB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAIrB;;;OAGG;IACH,OAAO,CAAC,WAAW;IA4CnB;;OAEG;IACH,SAAS,KAAK,kCAAkC,IAAI,MAAM,CAWzD;IAED;;OAEG;IACH,iBAAiB,IAAI,OAAO;IAI5B;;;OAGG;IACU,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IAiCnD;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;IA0BhC;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;IA+B5B;;;OAGG;YACW,sBAAsB;IA6EpC;;;;;OAKG;IACH,OAAO,CAAC,sCAAsC;IAmE9C;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAc3B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAgBrC;;;;OAIG;YACW,8BAA8B;IAwC5C;;OAEG;IACH,OAAO,CAAC,sCAAsC;IAQ9C;;;OAGG;YACW,qCAAqC;IAmDnD;;;;;OAKG;YACW,4BAA4B;IAiC1C,OAAO,CAAC,4CAA4C;IAwFpD;;OAEG;IACH,OAAO,CAAC,mCAAmC;IAoE3C;;;;OAIG;YACW,oCAAoC;IA6GlD;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,CACpB,eAAe,EAAE,MAAM,EACvB,iBAAiB,CAAC,EAAE,iBAAiB,GACtC,MAAM;IAkBT;;;OAGG;IACH,MAAM,CAAC,oCAAoC,CACvC,IAAI,EAAE,MAAM,GACb,sBAAsB;IAQzB;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAY3B;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B;;;OAGG;IACH,gCAAgC,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIvD;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,cAAc;IAwEtB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAS9B;;;;OAIG;IACH,OAAO,CAAC,4BAA4B;IASpC;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,wBAAwB;IAoDhC;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIpD;;;;;OAKG;IACH,MAAM,CAAC,4BAA4B,CAC/B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,WAAW,CAAC,EAAE,MAAM,GACrB,MAAM;IAyBT;;;;;OAKG;IACH,MAAM,CAAC,8BAA8B,CACjC,QAAQ,EAAE,oBAAoB,EAC9B,WAAW,EAAE,MAAM,GACpB,oBAAoB;IAyBvB;;;;;;;;OAQG;IACH,MAAM,CAAC,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAmB3D;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CACxC,SAAS,EAAE,MAAM,GAClB,MAAM,GAAG,SAAS,CAsBpB;AAED,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAI/D;AAED,wBAAgB,2BAA2B,CACvC,WAAW,EAAE,OAAO,CAAC,gBAAgB,CAAC,GACvC,sBAAsB,CAoBxB"}
@@ -1 +1 @@
1
- {"version":3,"file":"AuthorityMetadata.d.ts","sourceRoot":"","sources":["../../src/authority/AuthorityMetadata.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEjE,KAAK,WAAW,GAAG;IACf,gBAAgB,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAAA;KAAE,CAAC;IAC1D,yBAAyB,EAAE,8BAA8B,CAAC;CAC7D,CAAC;AAkCF,eAAO,MAAM,cAAc,EAAE,WA2D5B,CAAC;AAEF,eAAO,MAAM,gBAAgB;;CAAkC,CAAC;AAChE,eAAO,MAAM,yBAAyB,gCACM,CAAC;AAE7C,eAAO,MAAM,gCAAgC,EAAE,GAAG,CAAC,MAAM,CAAa,CAAC;AASvE;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACvC,sBAAsB,EAAE,sBAAsB,EAC9C,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,GACtB,MAAM,EAAE,CA0BV;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAClC,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,EACrB,aAAa,CAAC,EAAE,MAAM,EACtB,sBAAsB,CAAC,EAAE,sBAAsB,EAAE,EACjD,MAAM,CAAC,EAAE,uBAAuB,GACjC,MAAM,EAAE,GAAG,IAAI,CA0BjB;AAED;;GAEG;AACH,wBAAgB,4CAA4C,CACxD,aAAa,EAAE,MAAM,GACtB,sBAAsB,GAAG,IAAI,CAM/B;AAED;;;;GAIG;AACH,wBAAgB,4CAA4C,CACxD,QAAQ,EAAE,sBAAsB,EAAE,EAClC,aAAa,EAAE,MAAM,GACtB,sBAAsB,GAAG,IAAI,CAS/B"}
1
+ {"version":3,"file":"AuthorityMetadata.d.ts","sourceRoot":"","sources":["../../src/authority/AuthorityMetadata.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEjE,KAAK,WAAW,GAAG;IACf,gBAAgB,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAAA;KAAE,CAAC;IAC1D,yBAAyB,EAAE,8BAA8B,CAAC;CAC7D,CAAC;AAkCF,eAAO,MAAM,cAAc,EAAE,WAoE5B,CAAC;AAEF,eAAO,MAAM,gBAAgB;;CAAkC,CAAC;AAChE,eAAO,MAAM,yBAAyB,gCACM,CAAC;AAE7C,eAAO,MAAM,gCAAgC,EAAE,GAAG,CAAC,MAAM,CAAa,CAAC;AASvE;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACvC,sBAAsB,EAAE,sBAAsB,EAC9C,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,GACtB,MAAM,EAAE,CA0BV;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAClC,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,EACrB,aAAa,CAAC,EAAE,MAAM,EACtB,sBAAsB,CAAC,EAAE,sBAAsB,EAAE,EACjD,MAAM,CAAC,EAAE,uBAAuB,GACjC,MAAM,EAAE,GAAG,IAAI,CA0BjB;AAED;;GAEG;AACH,wBAAgB,4CAA4C,CACxD,aAAa,EAAE,MAAM,GACtB,sBAAsB,GAAG,IAAI,CAM/B;AAED;;;;GAIG;AACH,wBAAgB,4CAA4C,CACxD,QAAQ,EAAE,sBAAsB,EAAE,EAClC,aAAa,EAAE,MAAM,GACtB,sBAAsB,GAAG,IAAI,CAS/B"}
@@ -20,4 +20,5 @@ export declare const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
20
20
  export declare const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
21
21
  export declare const authorityMismatch = "authority_mismatch";
22
22
  export declare const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
23
+ export declare const issuerValidationFailed = "issuer_validation_failed";
23
24
  //# sourceMappingURL=ClientConfigurationErrorCodes.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"ClientConfigurationErrorCodes.d.ts","sourceRoot":"","sources":["../../src/error/ClientConfigurationErrorCodes.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AACrD,eAAO,MAAM,yBAAyB,iCAAiC,CAAC;AACxE,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAC7D,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,qBAAqB,6BAA6B,CAAC;AAChE,eAAO,MAAM,aAAa,mBAAmB,CAAC;AAC9C,eAAO,MAAM,iBAAiB,wBAAwB,CAAC;AACvD,eAAO,MAAM,kBAAkB,yBAAyB,CAAC;AACzD,eAAO,MAAM,0BAA0B,kCAAkC,CAAC;AAC1E,eAAO,MAAM,iBAAiB,wBAAwB,CAAC;AACvD,eAAO,MAAM,6BAA6B,qCAAqC,CAAC;AAChF,eAAO,MAAM,wBAAwB,+BAA+B,CAAC;AACrE,eAAO,MAAM,kBAAkB,wBAAwB,CAAC;AACxD,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,gCAAgC,wCACJ,CAAC;AAC1C,eAAO,MAAM,2BAA2B,kCAAkC,CAAC;AAC3E,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAC7D,eAAO,MAAM,yBAAyB,iCAAiC,CAAC;AACxE,eAAO,MAAM,iBAAiB,uBAAuB,CAAC;AACtD,eAAO,MAAM,0BAA0B,mCAAmC,CAAC"}
1
+ {"version":3,"file":"ClientConfigurationErrorCodes.d.ts","sourceRoot":"","sources":["../../src/error/ClientConfigurationErrorCodes.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AACrD,eAAO,MAAM,yBAAyB,iCAAiC,CAAC;AACxE,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAC7D,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,qBAAqB,6BAA6B,CAAC;AAChE,eAAO,MAAM,aAAa,mBAAmB,CAAC;AAC9C,eAAO,MAAM,iBAAiB,wBAAwB,CAAC;AACvD,eAAO,MAAM,kBAAkB,yBAAyB,CAAC;AACzD,eAAO,MAAM,0BAA0B,kCAAkC,CAAC;AAC1E,eAAO,MAAM,iBAAiB,wBAAwB,CAAC;AACvD,eAAO,MAAM,6BAA6B,qCAAqC,CAAC;AAChF,eAAO,MAAM,wBAAwB,+BAA+B,CAAC;AACrE,eAAO,MAAM,kBAAkB,wBAAwB,CAAC;AACxD,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,gCAAgC,wCACJ,CAAC;AAC1C,eAAO,MAAM,2BAA2B,kCAAkC,CAAC;AAC3E,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAC7D,eAAO,MAAM,yBAAyB,iCAAiC,CAAC;AACxE,eAAO,MAAM,iBAAiB,uBAAuB,CAAC;AACtD,eAAO,MAAM,0BAA0B,mCAAmC,CAAC;AAC3E,eAAO,MAAM,sBAAsB,6BAA6B,CAAC"}
@@ -1,3 +1,3 @@
1
1
  export declare const name = "@azure/msal-common";
2
- export declare const version = "16.6.0";
2
+ export declare const version = "16.6.1";
3
3
  //# sourceMappingURL=packageMetadata.d.ts.map