@azure/msal-common 16.8.0 → 16.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +9 -3
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +9 -23
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +4 -4
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +36 -37
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +3 -3
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +2 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +16 -10
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.mjs +62 -46
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/AccountEntityUtils.mjs +23 -7
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +12 -4
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +7 -7
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +8 -8
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +10 -18
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.mjs +6 -5
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +7 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +11 -11
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +3 -3
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -2
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +5 -7
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +5 -5
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +5 -5
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +5 -5
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +2 -2
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -3
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +3 -3
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/index-node.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.mjs +25 -11
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +4 -3
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +2 -2
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +18 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.mjs +4 -2
- package/dist/protocol/Token.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.mjs +3 -3
- package/dist/request/BaseAuthRequest.mjs.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +50 -31
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +13 -12
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +30 -27
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +15 -14
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +3 -2
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.mjs +7 -3
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +12 -9
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +4 -4
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/dist-browser/account/AccountInfo.mjs +9 -3
- package/dist-browser/account/AccountInfo.mjs.map +1 -1
- package/dist-browser/account/AuthToken.mjs +9 -23
- package/dist-browser/account/AuthToken.mjs.map +1 -1
- package/dist-browser/account/CcsCredential.mjs +1 -1
- package/dist-browser/account/ClientInfo.mjs +4 -4
- package/dist-browser/account/ClientInfo.mjs.map +1 -1
- package/dist-browser/account/TokenClaims.mjs +1 -1
- package/dist-browser/authority/Authority.mjs +52 -50
- package/dist-browser/authority/Authority.mjs.map +1 -1
- package/dist-browser/authority/AuthorityFactory.mjs +3 -3
- package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
- package/dist-browser/authority/AuthorityMetadata.mjs +8 -7
- package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs +1 -1
- package/dist-browser/authority/AuthorityType.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs +1 -1
- package/dist-browser/authority/RegionDiscovery.mjs +16 -10
- package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
- package/dist-browser/cache/CacheManager.mjs +63 -47
- package/dist-browser/cache/CacheManager.mjs.map +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist-browser/cache/utils/AccountEntityUtils.mjs +23 -7
- package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist-browser/cache/utils/CacheHelpers.mjs +12 -4
- package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist-browser/client/AuthorizationCodeClient.mjs +10 -10
- package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist-browser/client/RefreshTokenClient.mjs +9 -9
- package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
- package/dist-browser/client/SilentFlowClient.mjs +11 -19
- package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
- package/dist-browser/config/ClientConfiguration.mjs +6 -5
- package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
- package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
- package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist-browser/crypto/ICrypto.mjs +11 -11
- package/dist-browser/crypto/ICrypto.mjs.map +1 -1
- package/dist-browser/crypto/JoseHeader.mjs +3 -3
- package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
- package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
- package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist-browser/error/AuthError.mjs +5 -7
- package/dist-browser/error/AuthError.mjs.map +1 -1
- package/dist-browser/error/AuthErrorCodes.mjs +1 -1
- package/dist-browser/error/CacheError.mjs +1 -1
- package/dist-browser/error/CacheErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientAuthError.mjs +5 -5
- package/dist-browser/error/ClientAuthError.mjs.map +1 -1
- package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationError.mjs +5 -5
- package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/JoseHeaderError.mjs +5 -5
- package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
- package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist-browser/error/NetworkError.mjs +2 -2
- package/dist-browser/error/NetworkError.mjs.map +1 -1
- package/dist-browser/error/PlatformBrokerError.mjs +3 -3
- package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
- package/dist-browser/error/ServerError.mjs +3 -3
- package/dist-browser/error/ServerError.mjs.map +1 -1
- package/dist-browser/index-browser.mjs +1 -1
- package/dist-browser/index.mjs +1 -1
- package/dist-browser/log-strings-mapping.json +2 -2
- package/dist-browser/logger/Logger.mjs +25 -11
- package/dist-browser/logger/Logger.mjs.map +1 -1
- package/dist-browser/network/INetworkModule.mjs +4 -3
- package/dist-browser/network/INetworkModule.mjs.map +1 -1
- package/dist-browser/network/RequestThumbprint.mjs +1 -1
- package/dist-browser/network/ThrottlingUtils.mjs +2 -2
- package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
- package/dist-browser/packageMetadata.mjs +2 -2
- package/dist-browser/protocol/Authorize.mjs +18 -14
- package/dist-browser/protocol/Authorize.mjs.map +1 -1
- package/dist-browser/protocol/Token.mjs +5 -3
- package/dist-browser/protocol/Token.mjs.map +1 -1
- package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist-browser/request/BaseAuthRequest.mjs +3 -3
- package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
- package/dist-browser/request/RequestParameterBuilder.mjs +50 -31
- package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist-browser/request/ScopeSet.mjs +13 -12
- package/dist-browser/request/ScopeSet.mjs.map +1 -1
- package/dist-browser/response/ResponseHandler.mjs +32 -29
- package/dist-browser/response/ResponseHandler.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs +9 -9
- package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist-browser/url/UrlString.mjs +15 -14
- package/dist-browser/url/UrlString.mjs.map +1 -1
- package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
- package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist-browser/utils/Constants.mjs +7 -3
- package/dist-browser/utils/Constants.mjs.map +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs +7 -7
- package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
- package/dist-browser/utils/ProtocolUtils.mjs +12 -9
- package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
- package/dist-browser/utils/StringUtils.mjs +1 -1
- package/dist-browser/utils/TimeUtils.mjs +1 -1
- package/dist-browser/utils/UrlUtils.mjs +6 -6
- package/dist-browser/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +8 -8
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-7wFgJ2eB.js → index-node-BSFEsmmC.js} +407 -325
- package/lib/index-node-BSFEsmmC.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/package.json +3 -5
- package/src/account/AccountInfo.ts +19 -1
- package/src/account/AuthToken.ts +19 -21
- package/src/account/ClientCredentials.ts +1 -0
- package/src/account/ClientInfo.ts +8 -3
- package/src/authority/Authority.ts +73 -38
- package/src/authority/AuthorityFactory.ts +4 -2
- package/src/authority/AuthorityMetadata.ts +2 -1
- package/src/authority/RegionDiscovery.ts +18 -11
- package/src/cache/CacheManager.ts +160 -57
- package/src/cache/entities/AccountEntity.ts +4 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/interface/ICacheManager.ts +1 -0
- package/src/cache/utils/AccountEntityUtils.ts +29 -3
- package/src/cache/utils/CacheHelpers.ts +18 -3
- package/src/cache/utils/CacheTypes.ts +2 -0
- package/src/client/AuthorizationCodeClient.ts +10 -4
- package/src/client/RefreshTokenClient.ts +12 -5
- package/src/client/SilentFlowClient.ts +17 -20
- package/src/config/ClientConfiguration.ts +14 -4
- package/src/constants/AADServerParamKeys.ts +5 -0
- package/src/crypto/ICrypto.ts +40 -10
- package/src/crypto/JoseHeader.ts +8 -2
- package/src/crypto/PopTokenGenerator.ts +1 -1
- package/src/error/AuthError.ts +9 -5
- package/src/error/ClientAuthError.ts +8 -3
- package/src/error/ClientAuthErrorCodes.ts +0 -2
- package/src/error/ClientConfigurationError.ts +5 -4
- package/src/error/InteractionRequiredAuthError.ts +9 -5
- package/src/error/JoseHeaderError.ts +11 -4
- package/src/error/NetworkError.ts +6 -1
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/error/ServerError.ts +3 -2
- package/src/logger/Logger.ts +25 -10
- package/src/network/INetworkModule.ts +3 -2
- package/src/network/ThrottlingUtils.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +23 -6
- package/src/protocol/Token.ts +6 -1
- package/src/request/AuthenticationHeaderParser.ts +6 -3
- package/src/request/BaseAuthRequest.ts +8 -2
- package/src/request/RequestParameterBuilder.ts +67 -43
- package/src/request/ScopeSet.ts +27 -11
- package/src/response/ImdsComputeResponse.ts +14 -0
- package/src/response/ResponseHandler.ts +46 -32
- package/src/url/UrlString.ts +32 -13
- package/src/utils/ClientAssertionUtils.ts +3 -1
- package/src/utils/Constants.ts +6 -3
- package/src/utils/ProtocolUtils.ts +26 -8
- package/src/utils/UrlUtils.ts +8 -3
- package/types/account/AccountInfo.d.ts +8 -2
- package/types/account/AccountInfo.d.ts.map +1 -1
- package/types/account/AuthToken.d.ts +2 -6
- package/types/account/AuthToken.d.ts.map +1 -1
- package/types/account/ClientCredentials.d.ts +1 -0
- package/types/account/ClientCredentials.d.ts.map +1 -1
- package/types/account/ClientInfo.d.ts.map +1 -1
- package/types/authority/Authority.d.ts +5 -5
- package/types/authority/Authority.d.ts.map +1 -1
- package/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/types/authority/RegionDiscovery.d.ts +3 -2
- package/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/types/cache/CacheManager.d.ts +0 -7
- package/types/cache/CacheManager.d.ts.map +1 -1
- package/types/cache/entities/AccountEntity.d.ts +4 -0
- package/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/types/cache/interface/ICacheManager.d.ts +1 -0
- package/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts +7 -1
- package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
- package/types/cache/utils/CacheHelpers.d.ts +4 -1
- package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/types/cache/utils/CacheTypes.d.ts +2 -1
- package/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/types/client/SilentFlowClient.d.ts.map +1 -1
- package/types/config/ClientConfiguration.d.ts +4 -0
- package/types/config/ClientConfiguration.d.ts.map +1 -1
- package/types/constants/AADServerParamKeys.d.ts +4 -0
- package/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/types/crypto/ICrypto.d.ts.map +1 -1
- package/types/crypto/JoseHeader.d.ts.map +1 -1
- package/types/error/AuthError.d.ts +2 -3
- package/types/error/AuthError.d.ts.map +1 -1
- package/types/error/ClientAuthError.d.ts +2 -2
- package/types/error/ClientAuthError.d.ts.map +1 -1
- package/types/error/ClientAuthErrorCodes.d.ts +0 -2
- package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/types/error/ClientConfigurationError.d.ts +2 -2
- package/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/types/error/InteractionRequiredAuthError.d.ts +2 -2
- package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/types/error/JoseHeaderError.d.ts +2 -2
- package/types/error/JoseHeaderError.d.ts.map +1 -1
- package/types/error/NetworkError.d.ts.map +1 -1
- package/types/error/PlatformBrokerError.d.ts +1 -1
- package/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/types/error/ServerError.d.ts +1 -1
- package/types/error/ServerError.d.ts.map +1 -1
- package/types/logger/Logger.d.ts.map +1 -1
- package/types/network/INetworkModule.d.ts.map +1 -1
- package/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/packageMetadata.d.ts.map +1 -1
- package/types/protocol/Authorize.d.ts +6 -2
- package/types/protocol/Authorize.d.ts.map +1 -1
- package/types/protocol/Token.d.ts +2 -0
- package/types/protocol/Token.d.ts.map +1 -1
- package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/types/request/BaseAuthRequest.d.ts +4 -0
- package/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/types/request/RequestParameterBuilder.d.ts +13 -3
- package/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/types/request/ScopeSet.d.ts +4 -3
- package/types/request/ScopeSet.d.ts.map +1 -1
- package/types/response/ImdsComputeResponse.d.ts +10 -0
- package/types/response/ImdsComputeResponse.d.ts.map +1 -0
- package/types/response/ResponseHandler.d.ts +2 -1
- package/types/response/ResponseHandler.d.ts.map +1 -1
- package/types/url/UrlString.d.ts +5 -4
- package/types/url/UrlString.d.ts.map +1 -1
- package/types/utils/ClientAssertionUtils.d.ts +1 -1
- package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
- package/types/utils/Constants.d.ts +6 -2
- package/types/utils/Constants.d.ts.map +1 -1
- package/types/utils/ProtocolUtils.d.ts +6 -3
- package/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/types/utils/UrlUtils.d.ts.map +1 -1
- package/lib/index-node-7wFgJ2eB.js.map +0 -1
|
@@ -402,7 +402,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
402
402
|
if (idToken) {
|
|
403
403
|
idTokenClaims = extractTokenClaims(
|
|
404
404
|
idToken.secret,
|
|
405
|
-
this.cryptoImpl.base64Decode
|
|
405
|
+
this.cryptoImpl.base64Decode,
|
|
406
|
+
correlationId
|
|
406
407
|
);
|
|
407
408
|
|
|
408
409
|
if (
|
|
@@ -525,6 +526,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
525
526
|
return false;
|
|
526
527
|
}
|
|
527
528
|
|
|
529
|
+
if (
|
|
530
|
+
!!tenantProfileFilter.nativeAccountId &&
|
|
531
|
+
tenantProfile.nativeAccountId !==
|
|
532
|
+
tenantProfileFilter.nativeAccountId
|
|
533
|
+
) {
|
|
534
|
+
return false;
|
|
535
|
+
}
|
|
536
|
+
|
|
528
537
|
return true;
|
|
529
538
|
}
|
|
530
539
|
|
|
@@ -601,7 +610,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
601
610
|
): Promise<void> {
|
|
602
611
|
if (!cacheRecord) {
|
|
603
612
|
throw createClientAuthError(
|
|
604
|
-
ClientAuthErrorCodes.invalidCacheRecord
|
|
613
|
+
ClientAuthErrorCodes.invalidCacheRecord,
|
|
614
|
+
correlationId
|
|
605
615
|
);
|
|
606
616
|
}
|
|
607
617
|
|
|
@@ -680,7 +690,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
680
690
|
};
|
|
681
691
|
|
|
682
692
|
const tokenKeys = this.getTokenKeys();
|
|
683
|
-
const currentScopes = ScopeSet.fromString(
|
|
693
|
+
const currentScopes = ScopeSet.fromString(
|
|
694
|
+
credential.target,
|
|
695
|
+
correlationId
|
|
696
|
+
);
|
|
684
697
|
|
|
685
698
|
tokenKeys.accessToken.forEach((key) => {
|
|
686
699
|
if (
|
|
@@ -702,7 +715,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
702
715
|
correlationId
|
|
703
716
|
)
|
|
704
717
|
) {
|
|
705
|
-
const tokenScopeSet = ScopeSet.fromString(
|
|
718
|
+
const tokenScopeSet = ScopeSet.fromString(
|
|
719
|
+
tokenEntity.target,
|
|
720
|
+
correlationId
|
|
721
|
+
);
|
|
706
722
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
707
723
|
this.removeAccessToken(key, correlationId);
|
|
708
724
|
}
|
|
@@ -759,16 +775,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
759
775
|
return;
|
|
760
776
|
}
|
|
761
777
|
|
|
762
|
-
if (
|
|
763
|
-
!!accountFilter.nativeAccountId &&
|
|
764
|
-
!this.matchNativeAccountId(
|
|
765
|
-
entity,
|
|
766
|
-
accountFilter.nativeAccountId
|
|
767
|
-
)
|
|
768
|
-
) {
|
|
769
|
-
return;
|
|
770
|
-
}
|
|
771
|
-
|
|
772
778
|
if (
|
|
773
779
|
!!accountFilter.authorityType &&
|
|
774
780
|
!this.matchAuthorityType(entity, accountFilter.authorityType)
|
|
@@ -783,6 +789,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
783
789
|
username: accountFilter?.username,
|
|
784
790
|
loginHint: accountFilter?.loginHint,
|
|
785
791
|
upn: accountFilter?.upn,
|
|
792
|
+
nativeAccountId: accountFilter?.nativeAccountId,
|
|
786
793
|
};
|
|
787
794
|
|
|
788
795
|
const matchingTenantProfiles = entity.tenantProfiles?.filter(
|
|
@@ -865,7 +872,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
865
872
|
* idTokens do not have "target", target specific refreshTokens do exist for some types of authentication
|
|
866
873
|
* Resource specific refresh tokens case will be added when the support is deemed necessary
|
|
867
874
|
*/
|
|
868
|
-
if (
|
|
875
|
+
if (
|
|
876
|
+
!!filter.target &&
|
|
877
|
+
!this.matchTarget(entity, filter.target, correlationId)
|
|
878
|
+
) {
|
|
869
879
|
return false;
|
|
870
880
|
}
|
|
871
881
|
|
|
@@ -889,6 +899,34 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
889
899
|
}
|
|
890
900
|
}
|
|
891
901
|
|
|
902
|
+
// Additional cache key components matching (bidirectional isolation)
|
|
903
|
+
const entityComponents = entity.additionalCacheKeyComponents;
|
|
904
|
+
const filterComponents = filter.additionalCacheKeyComponents;
|
|
905
|
+
const entityHasComponents =
|
|
906
|
+
!!entityComponents && Object.keys(entityComponents).length > 0;
|
|
907
|
+
const filterHasComponents =
|
|
908
|
+
!!filterComponents && Object.keys(filterComponents).length > 0;
|
|
909
|
+
|
|
910
|
+
if (entityHasComponents !== filterHasComponents) {
|
|
911
|
+
return false;
|
|
912
|
+
}
|
|
913
|
+
if (entityHasComponents && filterHasComponents) {
|
|
914
|
+
const entityKeys = Object.keys(entityComponents).sort();
|
|
915
|
+
const filterKeys = Object.keys(filterComponents).sort();
|
|
916
|
+
if (entityKeys.length !== filterKeys.length) {
|
|
917
|
+
return false;
|
|
918
|
+
}
|
|
919
|
+
for (let i = 0; i < entityKeys.length; i++) {
|
|
920
|
+
if (
|
|
921
|
+
entityKeys[i] !== filterKeys[i] ||
|
|
922
|
+
entityComponents[entityKeys[i]] !==
|
|
923
|
+
filterComponents[filterKeys[i]]
|
|
924
|
+
) {
|
|
925
|
+
return false;
|
|
926
|
+
}
|
|
927
|
+
}
|
|
928
|
+
}
|
|
929
|
+
|
|
892
930
|
return true;
|
|
893
931
|
}
|
|
894
932
|
|
|
@@ -1289,7 +1327,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1289
1327
|
"CacheManager - getAccessToken called",
|
|
1290
1328
|
correlationId
|
|
1291
1329
|
);
|
|
1292
|
-
const scopes = ScopeSet.createSearchScopes(
|
|
1330
|
+
const scopes = ScopeSet.createSearchScopes(
|
|
1331
|
+
request.scopes,
|
|
1332
|
+
correlationId
|
|
1333
|
+
);
|
|
1293
1334
|
const authScheme =
|
|
1294
1335
|
request.authenticationScheme ||
|
|
1295
1336
|
Constants.AuthenticationScheme.BEARER;
|
|
@@ -1599,7 +1640,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1599
1640
|
return null;
|
|
1600
1641
|
} else if (numAppMetadata > 1) {
|
|
1601
1642
|
throw createClientAuthError(
|
|
1602
|
-
ClientAuthErrorCodes.multipleMatchingAppMetadata
|
|
1643
|
+
ClientAuthErrorCodes.multipleMatchingAppMetadata,
|
|
1644
|
+
correlationId
|
|
1603
1645
|
);
|
|
1604
1646
|
}
|
|
1605
1647
|
|
|
@@ -1806,21 +1848,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1806
1848
|
return !!(entity.realm?.toLowerCase() === realm.toLowerCase());
|
|
1807
1849
|
}
|
|
1808
1850
|
|
|
1809
|
-
/**
|
|
1810
|
-
* helper to match nativeAccountId
|
|
1811
|
-
* @param entity
|
|
1812
|
-
* @param nativeAccountId
|
|
1813
|
-
* @returns boolean indicating the match result
|
|
1814
|
-
*/
|
|
1815
|
-
private matchNativeAccountId(
|
|
1816
|
-
entity: AccountEntity,
|
|
1817
|
-
nativeAccountId: string
|
|
1818
|
-
): boolean {
|
|
1819
|
-
return !!(
|
|
1820
|
-
entity.nativeAccountId && nativeAccountId === entity.nativeAccountId
|
|
1821
|
-
);
|
|
1822
|
-
}
|
|
1823
|
-
|
|
1824
1851
|
/**
|
|
1825
1852
|
* helper to match loginHint which can be either:
|
|
1826
1853
|
* 1. login_hint ID token claim
|
|
@@ -1879,7 +1906,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1879
1906
|
* @param entity
|
|
1880
1907
|
* @param target
|
|
1881
1908
|
*/
|
|
1882
|
-
private matchTarget(
|
|
1909
|
+
private matchTarget(
|
|
1910
|
+
entity: CredentialEntity,
|
|
1911
|
+
target: ScopeSet,
|
|
1912
|
+
correlationId: string
|
|
1913
|
+
): boolean {
|
|
1883
1914
|
const isNotAccessTokenCredential =
|
|
1884
1915
|
entity.credentialType !== Constants.CredentialType.ACCESS_TOKEN &&
|
|
1885
1916
|
entity.credentialType !==
|
|
@@ -1889,7 +1920,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1889
1920
|
return false;
|
|
1890
1921
|
}
|
|
1891
1922
|
|
|
1892
|
-
const entityScopeSet: ScopeSet = ScopeSet.fromString(
|
|
1923
|
+
const entityScopeSet: ScopeSet = ScopeSet.fromString(
|
|
1924
|
+
entity.target,
|
|
1925
|
+
correlationId
|
|
1926
|
+
);
|
|
1893
1927
|
|
|
1894
1928
|
return entityScopeSet.containsScopeSet(target);
|
|
1895
1929
|
}
|
|
@@ -1954,72 +1988,141 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1954
1988
|
/** @internal */
|
|
1955
1989
|
export class DefaultStorageClass extends CacheManager {
|
|
1956
1990
|
async setAccount(): Promise<void> {
|
|
1957
|
-
throw createClientAuthError(
|
|
1991
|
+
throw createClientAuthError(
|
|
1992
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
1993
|
+
""
|
|
1994
|
+
);
|
|
1958
1995
|
}
|
|
1959
1996
|
getAccount(): AccountEntity {
|
|
1960
|
-
throw createClientAuthError(
|
|
1997
|
+
throw createClientAuthError(
|
|
1998
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
1999
|
+
""
|
|
2000
|
+
);
|
|
1961
2001
|
}
|
|
1962
2002
|
async setIdTokenCredential(): Promise<void> {
|
|
1963
|
-
throw createClientAuthError(
|
|
2003
|
+
throw createClientAuthError(
|
|
2004
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2005
|
+
""
|
|
2006
|
+
);
|
|
1964
2007
|
}
|
|
1965
2008
|
getIdTokenCredential(): IdTokenEntity {
|
|
1966
|
-
throw createClientAuthError(
|
|
2009
|
+
throw createClientAuthError(
|
|
2010
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2011
|
+
""
|
|
2012
|
+
);
|
|
1967
2013
|
}
|
|
1968
2014
|
async setAccessTokenCredential(): Promise<void> {
|
|
1969
|
-
throw createClientAuthError(
|
|
2015
|
+
throw createClientAuthError(
|
|
2016
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2017
|
+
""
|
|
2018
|
+
);
|
|
1970
2019
|
}
|
|
1971
2020
|
getAccessTokenCredential(): AccessTokenEntity {
|
|
1972
|
-
throw createClientAuthError(
|
|
2021
|
+
throw createClientAuthError(
|
|
2022
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2023
|
+
""
|
|
2024
|
+
);
|
|
1973
2025
|
}
|
|
1974
2026
|
async setRefreshTokenCredential(): Promise<void> {
|
|
1975
|
-
throw createClientAuthError(
|
|
2027
|
+
throw createClientAuthError(
|
|
2028
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2029
|
+
""
|
|
2030
|
+
);
|
|
1976
2031
|
}
|
|
1977
2032
|
getRefreshTokenCredential(): RefreshTokenEntity {
|
|
1978
|
-
throw createClientAuthError(
|
|
2033
|
+
throw createClientAuthError(
|
|
2034
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2035
|
+
""
|
|
2036
|
+
);
|
|
1979
2037
|
}
|
|
1980
2038
|
setAppMetadata(): void {
|
|
1981
|
-
throw createClientAuthError(
|
|
2039
|
+
throw createClientAuthError(
|
|
2040
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2041
|
+
""
|
|
2042
|
+
);
|
|
1982
2043
|
}
|
|
1983
2044
|
getAppMetadata(): AppMetadataEntity {
|
|
1984
|
-
throw createClientAuthError(
|
|
2045
|
+
throw createClientAuthError(
|
|
2046
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2047
|
+
""
|
|
2048
|
+
);
|
|
1985
2049
|
}
|
|
1986
2050
|
setServerTelemetry(): void {
|
|
1987
|
-
throw createClientAuthError(
|
|
2051
|
+
throw createClientAuthError(
|
|
2052
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2053
|
+
""
|
|
2054
|
+
);
|
|
1988
2055
|
}
|
|
1989
2056
|
getServerTelemetry(): ServerTelemetryEntity {
|
|
1990
|
-
throw createClientAuthError(
|
|
2057
|
+
throw createClientAuthError(
|
|
2058
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2059
|
+
""
|
|
2060
|
+
);
|
|
1991
2061
|
}
|
|
1992
2062
|
setAuthorityMetadata(): void {
|
|
1993
|
-
throw createClientAuthError(
|
|
2063
|
+
throw createClientAuthError(
|
|
2064
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2065
|
+
""
|
|
2066
|
+
);
|
|
1994
2067
|
}
|
|
1995
2068
|
getAuthorityMetadata(): AuthorityMetadataEntity | null {
|
|
1996
|
-
throw createClientAuthError(
|
|
2069
|
+
throw createClientAuthError(
|
|
2070
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2071
|
+
""
|
|
2072
|
+
);
|
|
1997
2073
|
}
|
|
1998
2074
|
getAuthorityMetadataKeys(): Array<string> {
|
|
1999
|
-
throw createClientAuthError(
|
|
2075
|
+
throw createClientAuthError(
|
|
2076
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2077
|
+
""
|
|
2078
|
+
);
|
|
2000
2079
|
}
|
|
2001
2080
|
setThrottlingCache(): void {
|
|
2002
|
-
throw createClientAuthError(
|
|
2081
|
+
throw createClientAuthError(
|
|
2082
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2083
|
+
""
|
|
2084
|
+
);
|
|
2003
2085
|
}
|
|
2004
2086
|
getThrottlingCache(): ThrottlingEntity {
|
|
2005
|
-
throw createClientAuthError(
|
|
2087
|
+
throw createClientAuthError(
|
|
2088
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2089
|
+
""
|
|
2090
|
+
);
|
|
2006
2091
|
}
|
|
2007
2092
|
removeItem(): boolean {
|
|
2008
|
-
throw createClientAuthError(
|
|
2093
|
+
throw createClientAuthError(
|
|
2094
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2095
|
+
""
|
|
2096
|
+
);
|
|
2009
2097
|
}
|
|
2010
2098
|
getKeys(): string[] {
|
|
2011
|
-
throw createClientAuthError(
|
|
2099
|
+
throw createClientAuthError(
|
|
2100
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2101
|
+
""
|
|
2102
|
+
);
|
|
2012
2103
|
}
|
|
2013
2104
|
getAccountKeys(): string[] {
|
|
2014
|
-
throw createClientAuthError(
|
|
2105
|
+
throw createClientAuthError(
|
|
2106
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2107
|
+
""
|
|
2108
|
+
);
|
|
2015
2109
|
}
|
|
2016
2110
|
getTokenKeys(): TokenKeys {
|
|
2017
|
-
throw createClientAuthError(
|
|
2111
|
+
throw createClientAuthError(
|
|
2112
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2113
|
+
""
|
|
2114
|
+
);
|
|
2018
2115
|
}
|
|
2019
2116
|
generateCredentialKey(): string {
|
|
2020
|
-
throw createClientAuthError(
|
|
2117
|
+
throw createClientAuthError(
|
|
2118
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2119
|
+
""
|
|
2120
|
+
);
|
|
2021
2121
|
}
|
|
2022
2122
|
generateAccountKey(): string {
|
|
2023
|
-
throw createClientAuthError(
|
|
2123
|
+
throw createClientAuthError(
|
|
2124
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2125
|
+
""
|
|
2126
|
+
);
|
|
2024
2127
|
}
|
|
2025
2128
|
}
|
|
@@ -42,6 +42,10 @@ export type AccountEntity = {
|
|
|
42
42
|
lastModificationApp?: string;
|
|
43
43
|
cloudGraphHostName?: string;
|
|
44
44
|
msGraphHost?: string;
|
|
45
|
+
/**
|
|
46
|
+
* @deprecated Use tenantProfiles[].nativeAccountId instead. Kept for cache downgrade compatibility.
|
|
47
|
+
* Will be removed at the next ACCOUNT_SCHEMA_VERSION bump.
|
|
48
|
+
*/
|
|
45
49
|
nativeAccountId?: string;
|
|
46
50
|
tenantProfiles?: Array<TenantProfile>;
|
|
47
51
|
/** Timestamp when the entry was last updated */
|
|
@@ -31,6 +31,8 @@ export type CredentialEntity = {
|
|
|
31
31
|
tokenType?: AuthenticationScheme;
|
|
32
32
|
/** KeyId for PoP and SSH tokens stored in the kid claim */
|
|
33
33
|
keyId?: string;
|
|
34
|
+
/** Additional cache key components for cache isolation (e.g., { fmi_path: "..." }). Stored as raw key-value pairs; a combined hash is computed at key-generation time. */
|
|
35
|
+
additionalCacheKeyComponents?: Record<string, string>;
|
|
34
36
|
/** Timestamp when the entry was last updated */
|
|
35
37
|
lastUpdatedAt: string;
|
|
36
38
|
};
|
|
@@ -16,6 +16,7 @@ import { RefreshTokenEntity } from "../entities/RefreshTokenEntity.js";
|
|
|
16
16
|
import { AuthorityMetadataEntity } from "../entities/AuthorityMetadataEntity.js";
|
|
17
17
|
import { StoreInCache } from "../../request/StoreInCache.js";
|
|
18
18
|
|
|
19
|
+
/** @internal */
|
|
19
20
|
export interface ICacheManager {
|
|
20
21
|
/**
|
|
21
22
|
* fetch the account entity from the platform cache
|
|
@@ -28,6 +28,7 @@ import { AccountEntity } from "../entities/AccountEntity.js";
|
|
|
28
28
|
|
|
29
29
|
/**
|
|
30
30
|
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
31
|
+
* @internal
|
|
31
32
|
*/
|
|
32
33
|
export function generateAccountId(accountEntity: AccountEntity): string {
|
|
33
34
|
const accountId: Array<string> = [
|
|
@@ -39,6 +40,7 @@ export function generateAccountId(accountEntity: AccountEntity): string {
|
|
|
39
40
|
|
|
40
41
|
/**
|
|
41
42
|
* Returns the AccountInfo interface for this account.
|
|
43
|
+
* @internal
|
|
42
44
|
*/
|
|
43
45
|
export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
44
46
|
const tenantProfiles = accountEntity.tenantProfiles || [];
|
|
@@ -52,10 +54,18 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
|
52
54
|
buildTenantProfile(
|
|
53
55
|
accountEntity.homeAccountId,
|
|
54
56
|
accountEntity.localAccountId,
|
|
55
|
-
accountEntity.realm
|
|
57
|
+
accountEntity.realm,
|
|
58
|
+
accountEntity.nativeAccountId
|
|
56
59
|
)
|
|
57
60
|
);
|
|
58
61
|
}
|
|
62
|
+
// Resolve nativeAccountId from the home tenant profile first, fall back to top-level (deprecated) for old cache entries
|
|
63
|
+
const homeTenantProfile = tenantProfiles.find(
|
|
64
|
+
(tp) => tp.tenantId === accountEntity.realm
|
|
65
|
+
);
|
|
66
|
+
const nativeAccountId =
|
|
67
|
+
homeTenantProfile?.nativeAccountId || accountEntity.nativeAccountId;
|
|
68
|
+
|
|
59
69
|
return {
|
|
60
70
|
homeAccountId: accountEntity.homeAccountId,
|
|
61
71
|
environment: accountEntity.environment,
|
|
@@ -64,7 +74,7 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
|
64
74
|
localAccountId: accountEntity.localAccountId,
|
|
65
75
|
loginHint: accountEntity.loginHint,
|
|
66
76
|
name: accountEntity.name,
|
|
67
|
-
nativeAccountId:
|
|
77
|
+
nativeAccountId: nativeAccountId,
|
|
68
78
|
authorityType: accountEntity.authorityType,
|
|
69
79
|
// Deserialize tenant profiles array into a Map
|
|
70
80
|
tenantProfiles: new Map(
|
|
@@ -78,6 +88,7 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
|
78
88
|
|
|
79
89
|
/**
|
|
80
90
|
* Returns true if the account entity is in single tenant format (outdated), false otherwise
|
|
91
|
+
* @internal
|
|
81
92
|
*/
|
|
82
93
|
export function isSingleTenant(accountEntity: AccountEntity): boolean {
|
|
83
94
|
return !accountEntity.tenantProfiles;
|
|
@@ -86,6 +97,7 @@ export function isSingleTenant(accountEntity: AccountEntity): boolean {
|
|
|
86
97
|
/**
|
|
87
98
|
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
88
99
|
* @param accountDetails
|
|
100
|
+
* @internal
|
|
89
101
|
*/
|
|
90
102
|
export function createAccountEntity(
|
|
91
103
|
accountDetails: {
|
|
@@ -99,6 +111,7 @@ export function createAccountEntity(
|
|
|
99
111
|
tenantProfiles?: Array<TenantProfile>;
|
|
100
112
|
},
|
|
101
113
|
authority: Authority,
|
|
114
|
+
correlationId: string,
|
|
102
115
|
base64Decode?: (input: string) => string
|
|
103
116
|
): AccountEntity {
|
|
104
117
|
let authorityType;
|
|
@@ -126,7 +139,8 @@ export function createAccountEntity(
|
|
|
126
139
|
|
|
127
140
|
if (!env) {
|
|
128
141
|
throw createClientAuthError(
|
|
129
|
-
ClientAuthErrorCodes.invalidCacheEnvironment
|
|
142
|
+
ClientAuthErrorCodes.invalidCacheEnvironment,
|
|
143
|
+
correlationId
|
|
130
144
|
);
|
|
131
145
|
}
|
|
132
146
|
|
|
@@ -164,6 +178,7 @@ export function createAccountEntity(
|
|
|
164
178
|
accountDetails.homeAccountId,
|
|
165
179
|
localAccountId,
|
|
166
180
|
realm,
|
|
181
|
+
accountDetails.nativeAccountId,
|
|
167
182
|
accountDetails.idTokenClaims
|
|
168
183
|
);
|
|
169
184
|
tenantProfiles = [tenantProfile];
|
|
@@ -195,6 +210,7 @@ export function createAccountEntity(
|
|
|
195
210
|
* @param cloudGraphHostName
|
|
196
211
|
* @param msGraphHost
|
|
197
212
|
* @returns
|
|
213
|
+
* @internal
|
|
198
214
|
*/
|
|
199
215
|
export function createAccountEntityFromAccountInfo(
|
|
200
216
|
accountInfo: AccountInfo,
|
|
@@ -216,9 +232,18 @@ export function createAccountEntityFromAccountInfo(
|
|
|
216
232
|
accountInfo.homeAccountId,
|
|
217
233
|
accountInfo.localAccountId,
|
|
218
234
|
accountInfo.tenantId,
|
|
235
|
+
accountInfo.nativeAccountId,
|
|
219
236
|
accountInfo.idTokenClaims
|
|
220
237
|
)
|
|
221
238
|
);
|
|
239
|
+
} else if (accountInfo.nativeAccountId) {
|
|
240
|
+
// Ensure nativeAccountId is set on the matching tenant profile
|
|
241
|
+
const matchingProfile = tenantProfiles.find(
|
|
242
|
+
(tp) => tp.tenantId === accountInfo.tenantId
|
|
243
|
+
);
|
|
244
|
+
if (matchingProfile && !matchingProfile.nativeAccountId) {
|
|
245
|
+
matchingProfile.nativeAccountId = accountInfo.nativeAccountId;
|
|
246
|
+
}
|
|
222
247
|
}
|
|
223
248
|
return {
|
|
224
249
|
authorityType:
|
|
@@ -275,6 +300,7 @@ export function generateHomeAccountId(
|
|
|
275
300
|
/**
|
|
276
301
|
* Validates an entity: checks for all expected params
|
|
277
302
|
* @param entity
|
|
303
|
+
* @internal
|
|
278
304
|
*/
|
|
279
305
|
export function isAccountEntity(entity: object): entity is AccountEntity {
|
|
280
306
|
if (!entity) {
|
|
@@ -68,10 +68,12 @@ export function createAccessTokenEntity(
|
|
|
68
68
|
expiresOn: number,
|
|
69
69
|
extExpiresOn: number,
|
|
70
70
|
base64Decode: (input: string) => string,
|
|
71
|
+
correlationId: string,
|
|
71
72
|
refreshOn?: number,
|
|
72
73
|
tokenType?: Constants.AuthenticationScheme,
|
|
73
74
|
userAssertionHash?: string,
|
|
74
|
-
keyId?: string
|
|
75
|
+
keyId?: string,
|
|
76
|
+
additionalCacheKeyComponents?: Record<string, string>
|
|
75
77
|
): AccessTokenEntity {
|
|
76
78
|
const atEntity: AccessTokenEntity = {
|
|
77
79
|
homeAccountId: homeAccountId,
|
|
@@ -111,11 +113,13 @@ export function createAccessTokenEntity(
|
|
|
111
113
|
// Make sure keyId is present and add it to credential
|
|
112
114
|
const tokenClaims: TokenClaims | null = extractTokenClaims(
|
|
113
115
|
accessToken,
|
|
114
|
-
base64Decode
|
|
116
|
+
base64Decode,
|
|
117
|
+
correlationId
|
|
115
118
|
);
|
|
116
119
|
if (!tokenClaims?.cnf?.kid) {
|
|
117
120
|
throw createClientAuthError(
|
|
118
|
-
ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt
|
|
121
|
+
ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt,
|
|
122
|
+
correlationId
|
|
119
123
|
);
|
|
120
124
|
}
|
|
121
125
|
atEntity.keyId = tokenClaims.cnf.kid;
|
|
@@ -125,6 +129,14 @@ export function createAccessTokenEntity(
|
|
|
125
129
|
}
|
|
126
130
|
}
|
|
127
131
|
|
|
132
|
+
/* Additional cache key components for cache isolation (e.g., FMI path) */
|
|
133
|
+
if (
|
|
134
|
+
additionalCacheKeyComponents &&
|
|
135
|
+
Object.keys(additionalCacheKeyComponents).length > 0
|
|
136
|
+
) {
|
|
137
|
+
atEntity.additionalCacheKeyComponents = additionalCacheKeyComponents;
|
|
138
|
+
}
|
|
139
|
+
|
|
128
140
|
return atEntity;
|
|
129
141
|
}
|
|
130
142
|
|
|
@@ -342,6 +354,7 @@ export function generateAuthorityMetadataExpiresAt(): number {
|
|
|
342
354
|
);
|
|
343
355
|
}
|
|
344
356
|
|
|
357
|
+
/** @internal */
|
|
345
358
|
export function updateAuthorityEndpointMetadata(
|
|
346
359
|
authorityMetadata: AuthorityMetadataEntity,
|
|
347
360
|
updatedValues: OpenIdConfigResponse,
|
|
@@ -356,6 +369,7 @@ export function updateAuthorityEndpointMetadata(
|
|
|
356
369
|
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
357
370
|
}
|
|
358
371
|
|
|
372
|
+
/** @internal */
|
|
359
373
|
export function updateCloudDiscoveryMetadata(
|
|
360
374
|
authorityMetadata: AuthorityMetadataEntity,
|
|
361
375
|
updatedValues: CloudDiscoveryMetadata,
|
|
@@ -369,6 +383,7 @@ export function updateCloudDiscoveryMetadata(
|
|
|
369
383
|
|
|
370
384
|
/**
|
|
371
385
|
* Returns whether or not the data needs to be refreshed
|
|
386
|
+
* @internal
|
|
372
387
|
*/
|
|
373
388
|
export function isAuthorityMetadataExpired(
|
|
374
389
|
metadata: AuthorityMetadataEntity
|
|
@@ -72,6 +72,7 @@ export type TenantProfileFilter = Pick<
|
|
|
72
72
|
| "isHomeTenant"
|
|
73
73
|
| "username"
|
|
74
74
|
| "upn"
|
|
75
|
+
| "nativeAccountId"
|
|
75
76
|
>;
|
|
76
77
|
|
|
77
78
|
/**
|
|
@@ -88,6 +89,7 @@ export type CredentialFilter = {
|
|
|
88
89
|
userAssertionHash?: string;
|
|
89
90
|
tokenType?: AuthenticationScheme;
|
|
90
91
|
keyId?: string;
|
|
92
|
+
additionalCacheKeyComponents?: Record<string, string>;
|
|
91
93
|
};
|
|
92
94
|
|
|
93
95
|
/**
|
|
@@ -132,7 +132,8 @@ export class AuthorizationCodeClient {
|
|
|
132
132
|
): Promise<AuthenticationResult> {
|
|
133
133
|
if (!request.code) {
|
|
134
134
|
throw createClientAuthError(
|
|
135
|
-
ClientAuthErrorCodes.requestCannotBeMade
|
|
135
|
+
ClientAuthErrorCodes.requestCannotBeMade,
|
|
136
|
+
request.correlationId
|
|
136
137
|
);
|
|
137
138
|
}
|
|
138
139
|
|
|
@@ -205,7 +206,8 @@ export class AuthorizationCodeClient {
|
|
|
205
206
|
// Throw error if logoutRequest is null/undefined
|
|
206
207
|
if (!logoutRequest) {
|
|
207
208
|
throw createClientConfigurationError(
|
|
208
|
-
ClientConfigurationErrorCodes.logoutRequestEmpty
|
|
209
|
+
ClientConfigurationErrorCodes.logoutRequestEmpty,
|
|
210
|
+
""
|
|
209
211
|
);
|
|
210
212
|
}
|
|
211
213
|
const queryString = this.createLogoutUrlQueryString(logoutRequest);
|
|
@@ -319,7 +321,8 @@ export class AuthorizationCodeClient {
|
|
|
319
321
|
// Just validate
|
|
320
322
|
if (!request.redirectUri) {
|
|
321
323
|
throw createClientConfigurationError(
|
|
322
|
-
ClientConfigurationErrorCodes.redirectUriEmpty
|
|
324
|
+
ClientConfigurationErrorCodes.redirectUriEmpty,
|
|
325
|
+
request.correlationId
|
|
323
326
|
);
|
|
324
327
|
}
|
|
325
328
|
} else {
|
|
@@ -334,6 +337,7 @@ export class AuthorizationCodeClient {
|
|
|
334
337
|
RequestParameterBuilder.addScopes(
|
|
335
338
|
parameters,
|
|
336
339
|
request.scopes,
|
|
340
|
+
request.correlationId,
|
|
337
341
|
true,
|
|
338
342
|
this.oidcDefaultScopes
|
|
339
343
|
);
|
|
@@ -431,7 +435,8 @@ export class AuthorizationCodeClient {
|
|
|
431
435
|
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
432
436
|
} else {
|
|
433
437
|
throw createClientConfigurationError(
|
|
434
|
-
ClientConfigurationErrorCodes.missingSshJwk
|
|
438
|
+
ClientConfigurationErrorCodes.missingSshJwk,
|
|
439
|
+
request.correlationId
|
|
435
440
|
);
|
|
436
441
|
}
|
|
437
442
|
}
|
|
@@ -519,6 +524,7 @@ export class AuthorizationCodeClient {
|
|
|
519
524
|
|
|
520
525
|
RequestParameterBuilder.addClaims(
|
|
521
526
|
parameters,
|
|
527
|
+
request.correlationId,
|
|
522
528
|
request.claims,
|
|
523
529
|
this.config.authOptions.clientCapabilities,
|
|
524
530
|
request.skipBrokerClaims
|