@azure/msal-common 16.8.0 → 16.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +9 -3
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +9 -23
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +4 -4
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +36 -37
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +3 -3
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +2 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +16 -10
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.mjs +62 -46
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/AccountEntityUtils.mjs +23 -7
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +12 -4
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +7 -7
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +8 -8
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +10 -18
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.mjs +6 -5
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +7 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +11 -11
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +3 -3
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -2
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +5 -7
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +5 -5
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +5 -5
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +5 -5
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +2 -2
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -3
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +3 -3
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/index-node.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.mjs +25 -11
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +4 -3
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +2 -2
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +18 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.mjs +4 -2
- package/dist/protocol/Token.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.mjs +3 -3
- package/dist/request/BaseAuthRequest.mjs.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +50 -31
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +13 -12
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +30 -27
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +15 -14
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +3 -2
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.mjs +7 -3
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +12 -9
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +4 -4
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/dist-browser/account/AccountInfo.mjs +9 -3
- package/dist-browser/account/AccountInfo.mjs.map +1 -1
- package/dist-browser/account/AuthToken.mjs +9 -23
- package/dist-browser/account/AuthToken.mjs.map +1 -1
- package/dist-browser/account/CcsCredential.mjs +1 -1
- package/dist-browser/account/ClientInfo.mjs +4 -4
- package/dist-browser/account/ClientInfo.mjs.map +1 -1
- package/dist-browser/account/TokenClaims.mjs +1 -1
- package/dist-browser/authority/Authority.mjs +52 -50
- package/dist-browser/authority/Authority.mjs.map +1 -1
- package/dist-browser/authority/AuthorityFactory.mjs +3 -3
- package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
- package/dist-browser/authority/AuthorityMetadata.mjs +8 -7
- package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs +1 -1
- package/dist-browser/authority/AuthorityType.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs +1 -1
- package/dist-browser/authority/RegionDiscovery.mjs +16 -10
- package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
- package/dist-browser/cache/CacheManager.mjs +63 -47
- package/dist-browser/cache/CacheManager.mjs.map +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist-browser/cache/utils/AccountEntityUtils.mjs +23 -7
- package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist-browser/cache/utils/CacheHelpers.mjs +12 -4
- package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist-browser/client/AuthorizationCodeClient.mjs +10 -10
- package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist-browser/client/RefreshTokenClient.mjs +9 -9
- package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
- package/dist-browser/client/SilentFlowClient.mjs +11 -19
- package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
- package/dist-browser/config/ClientConfiguration.mjs +6 -5
- package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
- package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
- package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist-browser/crypto/ICrypto.mjs +11 -11
- package/dist-browser/crypto/ICrypto.mjs.map +1 -1
- package/dist-browser/crypto/JoseHeader.mjs +3 -3
- package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
- package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
- package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist-browser/error/AuthError.mjs +5 -7
- package/dist-browser/error/AuthError.mjs.map +1 -1
- package/dist-browser/error/AuthErrorCodes.mjs +1 -1
- package/dist-browser/error/CacheError.mjs +1 -1
- package/dist-browser/error/CacheErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientAuthError.mjs +5 -5
- package/dist-browser/error/ClientAuthError.mjs.map +1 -1
- package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationError.mjs +5 -5
- package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/JoseHeaderError.mjs +5 -5
- package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
- package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist-browser/error/NetworkError.mjs +2 -2
- package/dist-browser/error/NetworkError.mjs.map +1 -1
- package/dist-browser/error/PlatformBrokerError.mjs +3 -3
- package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
- package/dist-browser/error/ServerError.mjs +3 -3
- package/dist-browser/error/ServerError.mjs.map +1 -1
- package/dist-browser/index-browser.mjs +1 -1
- package/dist-browser/index.mjs +1 -1
- package/dist-browser/log-strings-mapping.json +2 -2
- package/dist-browser/logger/Logger.mjs +25 -11
- package/dist-browser/logger/Logger.mjs.map +1 -1
- package/dist-browser/network/INetworkModule.mjs +4 -3
- package/dist-browser/network/INetworkModule.mjs.map +1 -1
- package/dist-browser/network/RequestThumbprint.mjs +1 -1
- package/dist-browser/network/ThrottlingUtils.mjs +2 -2
- package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
- package/dist-browser/packageMetadata.mjs +2 -2
- package/dist-browser/protocol/Authorize.mjs +18 -14
- package/dist-browser/protocol/Authorize.mjs.map +1 -1
- package/dist-browser/protocol/Token.mjs +5 -3
- package/dist-browser/protocol/Token.mjs.map +1 -1
- package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist-browser/request/BaseAuthRequest.mjs +3 -3
- package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
- package/dist-browser/request/RequestParameterBuilder.mjs +50 -31
- package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist-browser/request/ScopeSet.mjs +13 -12
- package/dist-browser/request/ScopeSet.mjs.map +1 -1
- package/dist-browser/response/ResponseHandler.mjs +32 -29
- package/dist-browser/response/ResponseHandler.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs +9 -9
- package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist-browser/url/UrlString.mjs +15 -14
- package/dist-browser/url/UrlString.mjs.map +1 -1
- package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
- package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist-browser/utils/Constants.mjs +7 -3
- package/dist-browser/utils/Constants.mjs.map +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs +7 -7
- package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
- package/dist-browser/utils/ProtocolUtils.mjs +12 -9
- package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
- package/dist-browser/utils/StringUtils.mjs +1 -1
- package/dist-browser/utils/TimeUtils.mjs +1 -1
- package/dist-browser/utils/UrlUtils.mjs +6 -6
- package/dist-browser/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +8 -8
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-7wFgJ2eB.js → index-node-BSFEsmmC.js} +407 -325
- package/lib/index-node-BSFEsmmC.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/package.json +3 -5
- package/src/account/AccountInfo.ts +19 -1
- package/src/account/AuthToken.ts +19 -21
- package/src/account/ClientCredentials.ts +1 -0
- package/src/account/ClientInfo.ts +8 -3
- package/src/authority/Authority.ts +73 -38
- package/src/authority/AuthorityFactory.ts +4 -2
- package/src/authority/AuthorityMetadata.ts +2 -1
- package/src/authority/RegionDiscovery.ts +18 -11
- package/src/cache/CacheManager.ts +160 -57
- package/src/cache/entities/AccountEntity.ts +4 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/interface/ICacheManager.ts +1 -0
- package/src/cache/utils/AccountEntityUtils.ts +29 -3
- package/src/cache/utils/CacheHelpers.ts +18 -3
- package/src/cache/utils/CacheTypes.ts +2 -0
- package/src/client/AuthorizationCodeClient.ts +10 -4
- package/src/client/RefreshTokenClient.ts +12 -5
- package/src/client/SilentFlowClient.ts +17 -20
- package/src/config/ClientConfiguration.ts +14 -4
- package/src/constants/AADServerParamKeys.ts +5 -0
- package/src/crypto/ICrypto.ts +40 -10
- package/src/crypto/JoseHeader.ts +8 -2
- package/src/crypto/PopTokenGenerator.ts +1 -1
- package/src/error/AuthError.ts +9 -5
- package/src/error/ClientAuthError.ts +8 -3
- package/src/error/ClientAuthErrorCodes.ts +0 -2
- package/src/error/ClientConfigurationError.ts +5 -4
- package/src/error/InteractionRequiredAuthError.ts +9 -5
- package/src/error/JoseHeaderError.ts +11 -4
- package/src/error/NetworkError.ts +6 -1
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/error/ServerError.ts +3 -2
- package/src/logger/Logger.ts +25 -10
- package/src/network/INetworkModule.ts +3 -2
- package/src/network/ThrottlingUtils.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +23 -6
- package/src/protocol/Token.ts +6 -1
- package/src/request/AuthenticationHeaderParser.ts +6 -3
- package/src/request/BaseAuthRequest.ts +8 -2
- package/src/request/RequestParameterBuilder.ts +67 -43
- package/src/request/ScopeSet.ts +27 -11
- package/src/response/ImdsComputeResponse.ts +14 -0
- package/src/response/ResponseHandler.ts +46 -32
- package/src/url/UrlString.ts +32 -13
- package/src/utils/ClientAssertionUtils.ts +3 -1
- package/src/utils/Constants.ts +6 -3
- package/src/utils/ProtocolUtils.ts +26 -8
- package/src/utils/UrlUtils.ts +8 -3
- package/types/account/AccountInfo.d.ts +8 -2
- package/types/account/AccountInfo.d.ts.map +1 -1
- package/types/account/AuthToken.d.ts +2 -6
- package/types/account/AuthToken.d.ts.map +1 -1
- package/types/account/ClientCredentials.d.ts +1 -0
- package/types/account/ClientCredentials.d.ts.map +1 -1
- package/types/account/ClientInfo.d.ts.map +1 -1
- package/types/authority/Authority.d.ts +5 -5
- package/types/authority/Authority.d.ts.map +1 -1
- package/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/types/authority/RegionDiscovery.d.ts +3 -2
- package/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/types/cache/CacheManager.d.ts +0 -7
- package/types/cache/CacheManager.d.ts.map +1 -1
- package/types/cache/entities/AccountEntity.d.ts +4 -0
- package/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/types/cache/interface/ICacheManager.d.ts +1 -0
- package/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts +7 -1
- package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
- package/types/cache/utils/CacheHelpers.d.ts +4 -1
- package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/types/cache/utils/CacheTypes.d.ts +2 -1
- package/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/types/client/SilentFlowClient.d.ts.map +1 -1
- package/types/config/ClientConfiguration.d.ts +4 -0
- package/types/config/ClientConfiguration.d.ts.map +1 -1
- package/types/constants/AADServerParamKeys.d.ts +4 -0
- package/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/types/crypto/ICrypto.d.ts.map +1 -1
- package/types/crypto/JoseHeader.d.ts.map +1 -1
- package/types/error/AuthError.d.ts +2 -3
- package/types/error/AuthError.d.ts.map +1 -1
- package/types/error/ClientAuthError.d.ts +2 -2
- package/types/error/ClientAuthError.d.ts.map +1 -1
- package/types/error/ClientAuthErrorCodes.d.ts +0 -2
- package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/types/error/ClientConfigurationError.d.ts +2 -2
- package/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/types/error/InteractionRequiredAuthError.d.ts +2 -2
- package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/types/error/JoseHeaderError.d.ts +2 -2
- package/types/error/JoseHeaderError.d.ts.map +1 -1
- package/types/error/NetworkError.d.ts.map +1 -1
- package/types/error/PlatformBrokerError.d.ts +1 -1
- package/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/types/error/ServerError.d.ts +1 -1
- package/types/error/ServerError.d.ts.map +1 -1
- package/types/logger/Logger.d.ts.map +1 -1
- package/types/network/INetworkModule.d.ts.map +1 -1
- package/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/packageMetadata.d.ts.map +1 -1
- package/types/protocol/Authorize.d.ts +6 -2
- package/types/protocol/Authorize.d.ts.map +1 -1
- package/types/protocol/Token.d.ts +2 -0
- package/types/protocol/Token.d.ts.map +1 -1
- package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/types/request/BaseAuthRequest.d.ts +4 -0
- package/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/types/request/RequestParameterBuilder.d.ts +13 -3
- package/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/types/request/ScopeSet.d.ts +4 -3
- package/types/request/ScopeSet.d.ts.map +1 -1
- package/types/response/ImdsComputeResponse.d.ts +10 -0
- package/types/response/ImdsComputeResponse.d.ts.map +1 -0
- package/types/response/ResponseHandler.d.ts +2 -1
- package/types/response/ResponseHandler.d.ts.map +1 -1
- package/types/url/UrlString.d.ts +5 -4
- package/types/url/UrlString.d.ts.map +1 -1
- package/types/utils/ClientAssertionUtils.d.ts +1 -1
- package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
- package/types/utils/Constants.d.ts +6 -2
- package/types/utils/Constants.d.ts.map +1 -1
- package/types/utils/ProtocolUtils.d.ts +6 -3
- package/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/types/utils/UrlUtils.d.ts.map +1 -1
- package/lib/index-node-7wFgJ2eB.js.map +0 -1
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
6
|
import { TokenClaims } from "./TokenClaims.js";
|
|
7
|
+
import { isKmsi } from "./AuthToken.js";
|
|
7
8
|
|
|
8
9
|
export type DataBoundary = "EU" | "None";
|
|
9
10
|
|
|
@@ -45,6 +46,11 @@ export type AccountInfo = {
|
|
|
45
46
|
authorityType?: string;
|
|
46
47
|
tenantProfiles?: Map<string, TenantProfile>;
|
|
47
48
|
dataBoundary?: DataBoundary;
|
|
49
|
+
/**
|
|
50
|
+
* Indicates whether the user selected "Keep Me Signed In" (KMSI) during authentication.
|
|
51
|
+
* Derived from the signin_state claim in the ID token.
|
|
52
|
+
*/
|
|
53
|
+
kmsi?: boolean;
|
|
48
54
|
};
|
|
49
55
|
|
|
50
56
|
/**
|
|
@@ -52,7 +58,13 @@ export type AccountInfo = {
|
|
|
52
58
|
*/
|
|
53
59
|
export type TenantProfile = Pick<
|
|
54
60
|
AccountInfo,
|
|
55
|
-
|
|
61
|
+
| "tenantId"
|
|
62
|
+
| "localAccountId"
|
|
63
|
+
| "name"
|
|
64
|
+
| "username"
|
|
65
|
+
| "loginHint"
|
|
66
|
+
| "upn"
|
|
67
|
+
| "nativeAccountId"
|
|
56
68
|
> & {
|
|
57
69
|
/**
|
|
58
70
|
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
|
|
@@ -88,6 +100,7 @@ export function tenantIdMatchesHomeTenant(
|
|
|
88
100
|
* @param homeAccountId - Home account identifier for this account object
|
|
89
101
|
* @param localAccountId - Local account identifer for this account object
|
|
90
102
|
* @param tenantId - Full tenant or organizational id that this account belongs to
|
|
103
|
+
* @param nativeAccountId - Native account identifier for this tenant
|
|
91
104
|
* @param idTokenClaims - Claims from the ID token
|
|
92
105
|
* @returns
|
|
93
106
|
*/
|
|
@@ -95,6 +108,7 @@ export function buildTenantProfile(
|
|
|
95
108
|
homeAccountId: string,
|
|
96
109
|
localAccountId: string,
|
|
97
110
|
tenantId: string,
|
|
111
|
+
nativeAccountId?: string,
|
|
98
112
|
idTokenClaims?: TokenClaims
|
|
99
113
|
): TenantProfile {
|
|
100
114
|
if (idTokenClaims) {
|
|
@@ -126,6 +140,7 @@ export function buildTenantProfile(
|
|
|
126
140
|
loginHint: login_hint,
|
|
127
141
|
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
|
|
128
142
|
upn: upn,
|
|
143
|
+
...(nativeAccountId && { nativeAccountId }),
|
|
129
144
|
};
|
|
130
145
|
} else {
|
|
131
146
|
return {
|
|
@@ -133,6 +148,7 @@ export function buildTenantProfile(
|
|
|
133
148
|
localAccountId,
|
|
134
149
|
username: "",
|
|
135
150
|
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
|
|
151
|
+
...(nativeAccountId && { nativeAccountId }),
|
|
136
152
|
};
|
|
137
153
|
}
|
|
138
154
|
}
|
|
@@ -166,6 +182,7 @@ export function updateAccountTenantProfileData(
|
|
|
166
182
|
baseAccountInfo.homeAccountId,
|
|
167
183
|
baseAccountInfo.localAccountId,
|
|
168
184
|
baseAccountInfo.tenantId,
|
|
185
|
+
updatedAccountInfo.nativeAccountId,
|
|
169
186
|
idTokenClaims
|
|
170
187
|
);
|
|
171
188
|
|
|
@@ -174,6 +191,7 @@ export function updateAccountTenantProfileData(
|
|
|
174
191
|
...claimsSourcedTenantProfile,
|
|
175
192
|
idTokenClaims: idTokenClaims,
|
|
176
193
|
idToken: idTokenSecret,
|
|
194
|
+
kmsi: isKmsi(idTokenClaims),
|
|
177
195
|
};
|
|
178
196
|
|
|
179
197
|
return updatedAccountInfo;
|
package/src/account/AuthToken.ts
CHANGED
|
@@ -16,9 +16,10 @@ import {
|
|
|
16
16
|
*/
|
|
17
17
|
export function extractTokenClaims(
|
|
18
18
|
encodedToken: string,
|
|
19
|
-
base64Decode: (input: string) => string
|
|
19
|
+
base64Decode: (input: string) => string,
|
|
20
|
+
correlationId: string
|
|
20
21
|
): TokenClaims {
|
|
21
|
-
const jswPayload = getJWSPayload(encodedToken);
|
|
22
|
+
const jswPayload = getJWSPayload(encodedToken, correlationId);
|
|
22
23
|
|
|
23
24
|
// token will be decoded to get the username
|
|
24
25
|
try {
|
|
@@ -26,7 +27,10 @@ export function extractTokenClaims(
|
|
|
26
27
|
const base64Decoded = base64Decode(jswPayload);
|
|
27
28
|
return JSON.parse(base64Decoded) as TokenClaims;
|
|
28
29
|
} catch (err) {
|
|
29
|
-
throw createClientAuthError(
|
|
30
|
+
throw createClientAuthError(
|
|
31
|
+
ClientAuthErrorCodes.tokenParsingError,
|
|
32
|
+
correlationId
|
|
33
|
+
);
|
|
30
34
|
}
|
|
31
35
|
}
|
|
32
36
|
|
|
@@ -57,14 +61,23 @@ export function isKmsi(idTokenClaims: TokenClaims): boolean {
|
|
|
57
61
|
*
|
|
58
62
|
* @param authToken
|
|
59
63
|
*/
|
|
60
|
-
export function getJWSPayload(
|
|
64
|
+
export function getJWSPayload(
|
|
65
|
+
authToken: string,
|
|
66
|
+
correlationId: string
|
|
67
|
+
): string {
|
|
61
68
|
if (!authToken) {
|
|
62
|
-
throw createClientAuthError(
|
|
69
|
+
throw createClientAuthError(
|
|
70
|
+
ClientAuthErrorCodes.nullOrEmptyToken,
|
|
71
|
+
correlationId
|
|
72
|
+
);
|
|
63
73
|
}
|
|
64
74
|
const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
|
|
65
75
|
const matches = tokenPartsRegex.exec(authToken);
|
|
66
76
|
if (!matches || matches.length < 4) {
|
|
67
|
-
throw createClientAuthError(
|
|
77
|
+
throw createClientAuthError(
|
|
78
|
+
ClientAuthErrorCodes.tokenParsingError,
|
|
79
|
+
correlationId
|
|
80
|
+
);
|
|
68
81
|
}
|
|
69
82
|
/**
|
|
70
83
|
* const crackedToken = {
|
|
@@ -76,18 +89,3 @@ export function getJWSPayload(authToken: string): string {
|
|
|
76
89
|
|
|
77
90
|
return matches[2];
|
|
78
91
|
}
|
|
79
|
-
|
|
80
|
-
/**
|
|
81
|
-
* Determine if the token's max_age has transpired
|
|
82
|
-
*/
|
|
83
|
-
export function checkMaxAge(authTime: number, maxAge: number): void {
|
|
84
|
-
/*
|
|
85
|
-
* per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
|
86
|
-
* To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
|
|
87
|
-
* provide a value of 0 for the max_age parameter and the AS will force a fresh login.
|
|
88
|
-
*/
|
|
89
|
-
const fiveMinuteSkew = 300000; // five minutes in milliseconds
|
|
90
|
-
if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
|
|
91
|
-
throw createClientAuthError(ClientAuthErrorCodes.maxAgeTranspired);
|
|
92
|
-
}
|
|
93
|
-
}
|
|
@@ -31,7 +31,10 @@ export function buildClientInfo(
|
|
|
31
31
|
base64Decode: (input: string) => string
|
|
32
32
|
): ClientInfo {
|
|
33
33
|
if (!rawClientInfo) {
|
|
34
|
-
throw createClientAuthError(
|
|
34
|
+
throw createClientAuthError(
|
|
35
|
+
ClientAuthErrorCodes.clientInfoEmptyError,
|
|
36
|
+
""
|
|
37
|
+
);
|
|
35
38
|
}
|
|
36
39
|
|
|
37
40
|
try {
|
|
@@ -39,7 +42,8 @@ export function buildClientInfo(
|
|
|
39
42
|
return JSON.parse(decodedClientInfo) as ClientInfo;
|
|
40
43
|
} catch (e) {
|
|
41
44
|
throw createClientAuthError(
|
|
42
|
-
ClientAuthErrorCodes.clientInfoDecodingError
|
|
45
|
+
ClientAuthErrorCodes.clientInfoDecodingError,
|
|
46
|
+
""
|
|
43
47
|
);
|
|
44
48
|
}
|
|
45
49
|
}
|
|
@@ -53,7 +57,8 @@ export function buildClientInfoFromHomeAccountId(
|
|
|
53
57
|
): ClientInfo {
|
|
54
58
|
if (!homeAccountId) {
|
|
55
59
|
throw createClientAuthError(
|
|
56
|
-
ClientAuthErrorCodes.clientInfoDecodingError
|
|
60
|
+
ClientAuthErrorCodes.clientInfoDecodingError,
|
|
61
|
+
""
|
|
57
62
|
);
|
|
58
63
|
}
|
|
59
64
|
const clientInfoParts: string[] = homeAccountId.split(
|
|
@@ -126,7 +126,7 @@ export class Authority {
|
|
|
126
126
|
}
|
|
127
127
|
|
|
128
128
|
/**
|
|
129
|
-
* Get {@link AuthorityType}
|
|
129
|
+
* Get {@link AuthorityType:type}
|
|
130
130
|
* @param authorityUri {@link IUri}
|
|
131
131
|
* @private
|
|
132
132
|
*/
|
|
@@ -180,7 +180,7 @@ export class Authority {
|
|
|
180
180
|
* Sets canonical authority.
|
|
181
181
|
*/
|
|
182
182
|
public set canonicalAuthority(url: string) {
|
|
183
|
-
this._canonicalAuthority = new UrlString(url);
|
|
183
|
+
this._canonicalAuthority = new UrlString(url, this.correlationId);
|
|
184
184
|
this._canonicalAuthority.validateAsUri();
|
|
185
185
|
this._canonicalAuthorityUrlComponents = null;
|
|
186
186
|
}
|
|
@@ -219,7 +219,8 @@ export class Authority {
|
|
|
219
219
|
return this.replacePath(this.metadata.authorization_endpoint);
|
|
220
220
|
} else {
|
|
221
221
|
throw createClientAuthError(
|
|
222
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
222
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
223
|
+
this.correlationId
|
|
223
224
|
);
|
|
224
225
|
}
|
|
225
226
|
}
|
|
@@ -232,7 +233,8 @@ export class Authority {
|
|
|
232
233
|
return this.replacePath(this.metadata.token_endpoint);
|
|
233
234
|
} else {
|
|
234
235
|
throw createClientAuthError(
|
|
235
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
236
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
237
|
+
this.correlationId
|
|
236
238
|
);
|
|
237
239
|
}
|
|
238
240
|
}
|
|
@@ -244,7 +246,8 @@ export class Authority {
|
|
|
244
246
|
);
|
|
245
247
|
} else {
|
|
246
248
|
throw createClientAuthError(
|
|
247
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
249
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
250
|
+
this.correlationId
|
|
248
251
|
);
|
|
249
252
|
}
|
|
250
253
|
}
|
|
@@ -257,13 +260,15 @@ export class Authority {
|
|
|
257
260
|
// ROPC policies may not have end_session_endpoint set
|
|
258
261
|
if (!this.metadata.end_session_endpoint) {
|
|
259
262
|
throw createClientAuthError(
|
|
260
|
-
ClientAuthErrorCodes.endSessionEndpointNotSupported
|
|
263
|
+
ClientAuthErrorCodes.endSessionEndpointNotSupported,
|
|
264
|
+
this.correlationId
|
|
261
265
|
);
|
|
262
266
|
}
|
|
263
267
|
return this.replacePath(this.metadata.end_session_endpoint);
|
|
264
268
|
} else {
|
|
265
269
|
throw createClientAuthError(
|
|
266
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
270
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
271
|
+
this.correlationId
|
|
267
272
|
);
|
|
268
273
|
}
|
|
269
274
|
}
|
|
@@ -276,7 +281,8 @@ export class Authority {
|
|
|
276
281
|
return this.replacePath(this.metadata.issuer);
|
|
277
282
|
} else {
|
|
278
283
|
throw createClientAuthError(
|
|
279
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
284
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
285
|
+
this.correlationId
|
|
280
286
|
);
|
|
281
287
|
}
|
|
282
288
|
}
|
|
@@ -289,7 +295,8 @@ export class Authority {
|
|
|
289
295
|
return this.replacePath(this.metadata.jwks_uri);
|
|
290
296
|
} else {
|
|
291
297
|
throw createClientAuthError(
|
|
292
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
298
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
299
|
+
this.correlationId
|
|
293
300
|
);
|
|
294
301
|
}
|
|
295
302
|
}
|
|
@@ -325,7 +332,8 @@ export class Authority {
|
|
|
325
332
|
private replacePath(urlString: string): string {
|
|
326
333
|
let endpoint = urlString;
|
|
327
334
|
const cachedAuthorityUrl = new UrlString(
|
|
328
|
-
this.metadata.canonical_authority
|
|
335
|
+
this.metadata.canonical_authority,
|
|
336
|
+
this.correlationId
|
|
329
337
|
);
|
|
330
338
|
const cachedAuthorityUrlComponents =
|
|
331
339
|
cachedAuthorityUrl.getUrlComponents();
|
|
@@ -340,7 +348,8 @@ export class Authority {
|
|
|
340
348
|
this.canReplaceTenant(cachedAuthorityUrlComponents)
|
|
341
349
|
) {
|
|
342
350
|
const tenantId = new UrlString(
|
|
343
|
-
this.metadata.authorization_endpoint
|
|
351
|
+
this.metadata.authorization_endpoint,
|
|
352
|
+
this.correlationId
|
|
344
353
|
).getUrlComponents().PathSegments[0];
|
|
345
354
|
/**
|
|
346
355
|
* Check if AAD canonical authority contains tenant domain name, for example "testdomain.onmicrosoft.com",
|
|
@@ -571,7 +580,8 @@ export class Authority {
|
|
|
571
580
|
// Metadata could not be obtained from the config, cache, network or hardcoded values
|
|
572
581
|
throw createClientAuthError(
|
|
573
582
|
ClientAuthErrorCodes.openIdConfigError,
|
|
574
|
-
this.defaultOpenIdConfigurationEndpoint
|
|
583
|
+
this.defaultOpenIdConfigurationEndpoint,
|
|
584
|
+
this.correlationId
|
|
575
585
|
);
|
|
576
586
|
}
|
|
577
587
|
}
|
|
@@ -659,7 +669,8 @@ export class Authority {
|
|
|
659
669
|
metadataEntity: AuthorityMetadataEntity
|
|
660
670
|
): boolean {
|
|
661
671
|
const cachedAuthorityUrl = new UrlString(
|
|
662
|
-
metadataEntity.canonical_authority
|
|
672
|
+
metadataEntity.canonical_authority,
|
|
673
|
+
this.correlationId
|
|
663
674
|
);
|
|
664
675
|
const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments;
|
|
665
676
|
|
|
@@ -680,7 +691,8 @@ export class Authority {
|
|
|
680
691
|
) as OpenIdConfigResponse;
|
|
681
692
|
} catch (e) {
|
|
682
693
|
throw createClientConfigurationError(
|
|
683
|
-
ClientConfigurationErrorCodes.invalidAuthorityMetadata
|
|
694
|
+
ClientConfigurationErrorCodes.invalidAuthorityMetadata,
|
|
695
|
+
this.correlationId
|
|
684
696
|
);
|
|
685
697
|
}
|
|
686
698
|
}
|
|
@@ -765,7 +777,8 @@ export class Authority {
|
|
|
765
777
|
userConfiguredAzureRegion;
|
|
766
778
|
return Authority.replaceWithRegionalInformation(
|
|
767
779
|
metadata,
|
|
768
|
-
userConfiguredAzureRegion
|
|
780
|
+
userConfiguredAzureRegion,
|
|
781
|
+
this.correlationId
|
|
769
782
|
);
|
|
770
783
|
}
|
|
771
784
|
|
|
@@ -788,7 +801,8 @@ export class Authority {
|
|
|
788
801
|
autodetectedRegionName;
|
|
789
802
|
return Authority.replaceWithRegionalInformation(
|
|
790
803
|
metadata,
|
|
791
|
-
autodetectedRegionName
|
|
804
|
+
autodetectedRegionName,
|
|
805
|
+
this.correlationId
|
|
792
806
|
);
|
|
793
807
|
}
|
|
794
808
|
|
|
@@ -834,7 +848,8 @@ export class Authority {
|
|
|
834
848
|
|
|
835
849
|
// Metadata could not be obtained from the config, cache, network or hardcoded values
|
|
836
850
|
throw createClientConfigurationError(
|
|
837
|
-
ClientConfigurationErrorCodes.untrustedAuthority
|
|
851
|
+
ClientConfigurationErrorCodes.untrustedAuthority,
|
|
852
|
+
this.correlationId
|
|
838
853
|
);
|
|
839
854
|
}
|
|
840
855
|
|
|
@@ -978,7 +993,8 @@ export class Authority {
|
|
|
978
993
|
this.correlationId
|
|
979
994
|
);
|
|
980
995
|
throw createClientConfigurationError(
|
|
981
|
-
ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata
|
|
996
|
+
ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata,
|
|
997
|
+
this.correlationId
|
|
982
998
|
);
|
|
983
999
|
}
|
|
984
1000
|
}
|
|
@@ -1120,8 +1136,10 @@ export class Authority {
|
|
|
1120
1136
|
(authority) => {
|
|
1121
1137
|
return (
|
|
1122
1138
|
authority &&
|
|
1123
|
-
UrlString.getDomainFromUrl(
|
|
1124
|
-
|
|
1139
|
+
UrlString.getDomainFromUrl(
|
|
1140
|
+
authority,
|
|
1141
|
+
this.correlationId
|
|
1142
|
+
).toLowerCase() === normalizedHost
|
|
1125
1143
|
);
|
|
1126
1144
|
}
|
|
1127
1145
|
);
|
|
@@ -1178,7 +1196,8 @@ export class Authority {
|
|
|
1178
1196
|
return this.metadata.preferred_cache;
|
|
1179
1197
|
} else {
|
|
1180
1198
|
throw createClientAuthError(
|
|
1181
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
1199
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
1200
|
+
this.correlationId
|
|
1182
1201
|
);
|
|
1183
1202
|
}
|
|
1184
1203
|
}
|
|
@@ -1226,7 +1245,8 @@ export class Authority {
|
|
|
1226
1245
|
private validateIssuer(issuer: string): void {
|
|
1227
1246
|
if (!issuer) {
|
|
1228
1247
|
throw createClientConfigurationError(
|
|
1229
|
-
ClientConfigurationErrorCodes.issuerValidationFailed
|
|
1248
|
+
ClientConfigurationErrorCodes.issuerValidationFailed,
|
|
1249
|
+
this.correlationId
|
|
1230
1250
|
);
|
|
1231
1251
|
}
|
|
1232
1252
|
|
|
@@ -1236,7 +1256,8 @@ export class Authority {
|
|
|
1236
1256
|
issuerUrl = new URL(issuer);
|
|
1237
1257
|
} catch {
|
|
1238
1258
|
throw createClientConfigurationError(
|
|
1239
|
-
ClientConfigurationErrorCodes.issuerValidationFailed
|
|
1259
|
+
ClientConfigurationErrorCodes.issuerValidationFailed,
|
|
1260
|
+
this.correlationId
|
|
1240
1261
|
);
|
|
1241
1262
|
}
|
|
1242
1263
|
const issuerScheme = issuerUrl.protocol;
|
|
@@ -1301,7 +1322,8 @@ export class Authority {
|
|
|
1301
1322
|
|
|
1302
1323
|
// issuer validation fails if none of the above rules are satisfied
|
|
1303
1324
|
throw createClientConfigurationError(
|
|
1304
|
-
ClientConfigurationErrorCodes.issuerValidationFailed
|
|
1325
|
+
ClientConfigurationErrorCodes.issuerValidationFailed,
|
|
1326
|
+
this.correlationId
|
|
1305
1327
|
);
|
|
1306
1328
|
}
|
|
1307
1329
|
|
|
@@ -1416,10 +1438,11 @@ export class Authority {
|
|
|
1416
1438
|
static buildRegionalAuthorityString(
|
|
1417
1439
|
host: string,
|
|
1418
1440
|
region: string,
|
|
1441
|
+
correlationId: string,
|
|
1419
1442
|
queryString?: string
|
|
1420
1443
|
): string {
|
|
1421
1444
|
// Create and validate a Url string object with the initial authority string
|
|
1422
|
-
const authorityUrlInstance = new UrlString(host);
|
|
1445
|
+
const authorityUrlInstance = new UrlString(host, correlationId);
|
|
1423
1446
|
authorityUrlInstance.validateAsUri();
|
|
1424
1447
|
|
|
1425
1448
|
const authorityUrlParts = authorityUrlInstance.getUrlComponents();
|
|
@@ -1431,10 +1454,13 @@ export class Authority {
|
|
|
1431
1454
|
}
|
|
1432
1455
|
|
|
1433
1456
|
// Include the query string portion of the url
|
|
1434
|
-
const url = UrlString.constructAuthorityUriFromObject(
|
|
1435
|
-
|
|
1436
|
-
|
|
1437
|
-
|
|
1457
|
+
const url = UrlString.constructAuthorityUriFromObject(
|
|
1458
|
+
{
|
|
1459
|
+
...authorityUrlInstance.getUrlComponents(),
|
|
1460
|
+
HostNameAndPort: hostNameAndPort,
|
|
1461
|
+
},
|
|
1462
|
+
correlationId
|
|
1463
|
+
).urlString;
|
|
1438
1464
|
|
|
1439
1465
|
// Add the query string if a query string was provided
|
|
1440
1466
|
if (queryString) return `${url}?${queryString}`;
|
|
@@ -1450,26 +1476,30 @@ export class Authority {
|
|
|
1450
1476
|
*/
|
|
1451
1477
|
static replaceWithRegionalInformation(
|
|
1452
1478
|
metadata: OpenIdConfigResponse,
|
|
1453
|
-
azureRegion: string
|
|
1479
|
+
azureRegion: string,
|
|
1480
|
+
correlationId: string
|
|
1454
1481
|
): OpenIdConfigResponse {
|
|
1455
1482
|
const regionalMetadata = { ...metadata };
|
|
1456
1483
|
regionalMetadata.authorization_endpoint =
|
|
1457
1484
|
Authority.buildRegionalAuthorityString(
|
|
1458
1485
|
regionalMetadata.authorization_endpoint,
|
|
1459
|
-
azureRegion
|
|
1486
|
+
azureRegion,
|
|
1487
|
+
correlationId
|
|
1460
1488
|
);
|
|
1461
1489
|
|
|
1462
1490
|
regionalMetadata.token_endpoint =
|
|
1463
1491
|
Authority.buildRegionalAuthorityString(
|
|
1464
1492
|
regionalMetadata.token_endpoint,
|
|
1465
|
-
azureRegion
|
|
1493
|
+
azureRegion,
|
|
1494
|
+
correlationId
|
|
1466
1495
|
);
|
|
1467
1496
|
|
|
1468
1497
|
if (regionalMetadata.end_session_endpoint) {
|
|
1469
1498
|
regionalMetadata.end_session_endpoint =
|
|
1470
1499
|
Authority.buildRegionalAuthorityString(
|
|
1471
1500
|
regionalMetadata.end_session_endpoint,
|
|
1472
|
-
azureRegion
|
|
1501
|
+
azureRegion,
|
|
1502
|
+
correlationId
|
|
1473
1503
|
);
|
|
1474
1504
|
}
|
|
1475
1505
|
|
|
@@ -1485,9 +1515,12 @@ export class Authority {
|
|
|
1485
1515
|
*
|
|
1486
1516
|
* @param authority
|
|
1487
1517
|
*/
|
|
1488
|
-
static transformCIAMAuthority(
|
|
1518
|
+
static transformCIAMAuthority(
|
|
1519
|
+
authority: string,
|
|
1520
|
+
correlationId: string
|
|
1521
|
+
): string {
|
|
1489
1522
|
let ciamAuthority = authority;
|
|
1490
|
-
const authorityUrl = new UrlString(authority);
|
|
1523
|
+
const authorityUrl = new UrlString(authority, correlationId);
|
|
1491
1524
|
const authorityUrlComponents = authorityUrl.getUrlComponents();
|
|
1492
1525
|
|
|
1493
1526
|
// check if transformation is needed
|
|
@@ -1510,9 +1543,10 @@ export class Authority {
|
|
|
1510
1543
|
* Extract tenantId from authority
|
|
1511
1544
|
*/
|
|
1512
1545
|
export function getTenantFromAuthorityString(
|
|
1513
|
-
authority: string
|
|
1546
|
+
authority: string,
|
|
1547
|
+
correlationId: string
|
|
1514
1548
|
): string | undefined {
|
|
1515
|
-
const authorityUrl = new UrlString(authority);
|
|
1549
|
+
const authorityUrl = new UrlString(authority, correlationId);
|
|
1516
1550
|
const authorityUrlComponents = authorityUrl.getUrlComponents();
|
|
1517
1551
|
/**
|
|
1518
1552
|
* For credential matching purposes, tenantId is the last path segment of the authority URL:
|
|
@@ -1552,7 +1586,8 @@ export function buildStaticAuthorityOptions(
|
|
|
1552
1586
|
cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata);
|
|
1553
1587
|
} catch (e) {
|
|
1554
1588
|
throw createClientConfigurationError(
|
|
1555
|
-
ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata
|
|
1589
|
+
ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata,
|
|
1590
|
+
""
|
|
1556
1591
|
);
|
|
1557
1592
|
}
|
|
1558
1593
|
}
|
|
@@ -41,7 +41,8 @@ export async function createDiscoveredInstance(
|
|
|
41
41
|
performanceClient: IPerformanceClient
|
|
42
42
|
): Promise<Authority> {
|
|
43
43
|
const authorityUriFinal = Authority.transformCIAMAuthority(
|
|
44
|
-
formatAuthorityUri(authorityUri)
|
|
44
|
+
formatAuthorityUri(authorityUri),
|
|
45
|
+
correlationId
|
|
45
46
|
);
|
|
46
47
|
|
|
47
48
|
// Initialize authority and perform discovery endpoint check.
|
|
@@ -68,7 +69,8 @@ export async function createDiscoveredInstance(
|
|
|
68
69
|
return acquireTokenAuthority;
|
|
69
70
|
} catch (e) {
|
|
70
71
|
throw createClientAuthError(
|
|
71
|
-
ClientAuthErrorCodes.endpointResolutionError
|
|
72
|
+
ClientAuthErrorCodes.endpointResolutionError,
|
|
73
|
+
correlationId
|
|
72
74
|
);
|
|
73
75
|
}
|
|
74
76
|
}
|
|
@@ -146,7 +146,8 @@ export function getAliasesFromStaticSources(
|
|
|
146
146
|
const canonicalAuthority = staticAuthorityOptions.canonicalAuthority;
|
|
147
147
|
if (canonicalAuthority) {
|
|
148
148
|
const authorityHost = new UrlString(
|
|
149
|
-
canonicalAuthority
|
|
149
|
+
canonicalAuthority,
|
|
150
|
+
correlationId
|
|
150
151
|
).getUrlComponents().HostNameAndPort;
|
|
151
152
|
staticAliases =
|
|
152
153
|
getAliasesFromMetadata(
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
import { INetworkModule } from "../network/INetworkModule.js";
|
|
7
7
|
import { NetworkResponse } from "../network/NetworkResponse.js";
|
|
8
8
|
import { IMDSBadResponse } from "../response/IMDSBadResponse.js";
|
|
9
|
+
import { ImdsComputeResponse } from "../response/ImdsComputeResponse.js";
|
|
9
10
|
import * as Constants from "../utils/Constants.js";
|
|
10
11
|
import { RegionDiscoveryMetadata } from "./RegionDiscoveryMetadata.js";
|
|
11
12
|
import { ImdsOptions } from "./ImdsOptions.js";
|
|
@@ -69,9 +70,12 @@ export class RegionDiscovery {
|
|
|
69
70
|
if (
|
|
70
71
|
localIMDSVersionResponse.status === Constants.HTTP_SUCCESS
|
|
71
72
|
) {
|
|
72
|
-
autodetectedRegionName =
|
|
73
|
-
|
|
74
|
-
|
|
73
|
+
autodetectedRegionName =
|
|
74
|
+
localIMDSVersionResponse.body?.location;
|
|
75
|
+
if (autodetectedRegionName) {
|
|
76
|
+
regionDiscoveryMetadata.region_source =
|
|
77
|
+
Constants.RegionDiscoverySources.IMDS;
|
|
78
|
+
}
|
|
75
79
|
}
|
|
76
80
|
|
|
77
81
|
// If the response using the local IMDS version failed, try to fetch the current version of IMDS and retry.
|
|
@@ -104,9 +108,11 @@ export class RegionDiscovery {
|
|
|
104
108
|
Constants.HTTP_SUCCESS
|
|
105
109
|
) {
|
|
106
110
|
autodetectedRegionName =
|
|
107
|
-
currentIMDSVersionResponse.body;
|
|
108
|
-
|
|
109
|
-
|
|
111
|
+
currentIMDSVersionResponse.body?.location;
|
|
112
|
+
if (autodetectedRegionName) {
|
|
113
|
+
regionDiscoveryMetadata.region_source =
|
|
114
|
+
Constants.RegionDiscoverySources.IMDS;
|
|
115
|
+
}
|
|
110
116
|
}
|
|
111
117
|
}
|
|
112
118
|
} catch (e) {
|
|
@@ -131,15 +137,16 @@ export class RegionDiscovery {
|
|
|
131
137
|
/**
|
|
132
138
|
* Make the call to the IMDS endpoint
|
|
133
139
|
*
|
|
134
|
-
* @param
|
|
135
|
-
* @
|
|
140
|
+
* @param version
|
|
141
|
+
* @param options
|
|
142
|
+
* @returns Promise<NetworkResponse<ImdsComputeResponse>>
|
|
136
143
|
*/
|
|
137
144
|
private async getRegionFromIMDS(
|
|
138
145
|
version: string,
|
|
139
146
|
options: ImdsOptions
|
|
140
|
-
): Promise<NetworkResponse<
|
|
141
|
-
return this.networkInterface.sendGetRequestAsync<
|
|
142
|
-
`${Constants.IMDS_ENDPOINT}?api-version=${version}
|
|
147
|
+
): Promise<NetworkResponse<ImdsComputeResponse>> {
|
|
148
|
+
return this.networkInterface.sendGetRequestAsync<ImdsComputeResponse>(
|
|
149
|
+
`${Constants.IMDS_ENDPOINT}?api-version=${version}`,
|
|
143
150
|
options,
|
|
144
151
|
Constants.IMDS_TIMEOUT
|
|
145
152
|
);
|