@azure/msal-common 16.8.0 → 16.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (364) hide show
  1. package/dist/account/AccountInfo.mjs +9 -3
  2. package/dist/account/AccountInfo.mjs.map +1 -1
  3. package/dist/account/AuthToken.mjs +9 -23
  4. package/dist/account/AuthToken.mjs.map +1 -1
  5. package/dist/account/CcsCredential.mjs +1 -1
  6. package/dist/account/ClientInfo.mjs +4 -4
  7. package/dist/account/ClientInfo.mjs.map +1 -1
  8. package/dist/account/TokenClaims.mjs +1 -1
  9. package/dist/authority/Authority.mjs +36 -37
  10. package/dist/authority/Authority.mjs.map +1 -1
  11. package/dist/authority/AuthorityFactory.mjs +3 -3
  12. package/dist/authority/AuthorityFactory.mjs.map +1 -1
  13. package/dist/authority/AuthorityMetadata.mjs +2 -2
  14. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  15. package/dist/authority/AuthorityOptions.mjs +1 -1
  16. package/dist/authority/AuthorityType.mjs +1 -1
  17. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  18. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  19. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  20. package/dist/authority/ProtocolMode.mjs +1 -1
  21. package/dist/authority/RegionDiscovery.mjs +16 -10
  22. package/dist/authority/RegionDiscovery.mjs.map +1 -1
  23. package/dist/cache/CacheManager.mjs +62 -46
  24. package/dist/cache/CacheManager.mjs.map +1 -1
  25. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  26. package/dist/cache/utils/AccountEntityUtils.mjs +23 -7
  27. package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
  28. package/dist/cache/utils/CacheHelpers.mjs +12 -4
  29. package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
  30. package/dist/client/AuthorizationCodeClient.mjs +7 -7
  31. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  32. package/dist/client/RefreshTokenClient.mjs +8 -8
  33. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  34. package/dist/client/SilentFlowClient.mjs +10 -18
  35. package/dist/client/SilentFlowClient.mjs.map +1 -1
  36. package/dist/config/ClientConfiguration.mjs +6 -5
  37. package/dist/config/ClientConfiguration.mjs.map +1 -1
  38. package/dist/constants/AADServerParamKeys.mjs +7 -3
  39. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  40. package/dist/crypto/ICrypto.mjs +11 -11
  41. package/dist/crypto/ICrypto.mjs.map +1 -1
  42. package/dist/crypto/JoseHeader.mjs +3 -3
  43. package/dist/crypto/JoseHeader.mjs.map +1 -1
  44. package/dist/crypto/PopTokenGenerator.mjs +2 -2
  45. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  46. package/dist/error/AuthError.mjs +5 -7
  47. package/dist/error/AuthError.mjs.map +1 -1
  48. package/dist/error/AuthErrorCodes.mjs +1 -1
  49. package/dist/error/CacheError.mjs +1 -1
  50. package/dist/error/CacheErrorCodes.mjs +1 -1
  51. package/dist/error/ClientAuthError.mjs +5 -5
  52. package/dist/error/ClientAuthError.mjs.map +1 -1
  53. package/dist/error/ClientAuthErrorCodes.mjs +2 -4
  54. package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  55. package/dist/error/ClientConfigurationError.mjs +5 -5
  56. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  57. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  58. package/dist/error/InteractionRequiredAuthError.mjs +5 -6
  59. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  60. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  61. package/dist/error/JoseHeaderError.mjs +5 -5
  62. package/dist/error/JoseHeaderError.mjs.map +1 -1
  63. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  64. package/dist/error/NetworkError.mjs +2 -2
  65. package/dist/error/NetworkError.mjs.map +1 -1
  66. package/dist/error/PlatformBrokerError.mjs +3 -3
  67. package/dist/error/PlatformBrokerError.mjs.map +1 -1
  68. package/dist/error/ServerError.mjs +3 -3
  69. package/dist/error/ServerError.mjs.map +1 -1
  70. package/dist/index-node.mjs +1 -1
  71. package/dist/index.mjs +1 -1
  72. package/dist/logger/Logger.mjs +25 -11
  73. package/dist/logger/Logger.mjs.map +1 -1
  74. package/dist/network/INetworkModule.mjs +4 -3
  75. package/dist/network/INetworkModule.mjs.map +1 -1
  76. package/dist/network/RequestThumbprint.mjs +1 -1
  77. package/dist/network/ThrottlingUtils.mjs +2 -2
  78. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  79. package/dist/packageMetadata.mjs +2 -2
  80. package/dist/protocol/Authorize.mjs +18 -14
  81. package/dist/protocol/Authorize.mjs.map +1 -1
  82. package/dist/protocol/Token.mjs +4 -2
  83. package/dist/protocol/Token.mjs.map +1 -1
  84. package/dist/request/AuthenticationHeaderParser.mjs +4 -4
  85. package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
  86. package/dist/request/BaseAuthRequest.mjs +3 -3
  87. package/dist/request/BaseAuthRequest.mjs.map +1 -1
  88. package/dist/request/RequestParameterBuilder.mjs +50 -31
  89. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  90. package/dist/request/ScopeSet.mjs +13 -12
  91. package/dist/request/ScopeSet.mjs.map +1 -1
  92. package/dist/response/ResponseHandler.mjs +30 -27
  93. package/dist/response/ResponseHandler.mjs.map +1 -1
  94. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  95. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  96. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  97. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  98. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  99. package/dist/url/UrlString.mjs +15 -14
  100. package/dist/url/UrlString.mjs.map +1 -1
  101. package/dist/utils/ClientAssertionUtils.mjs +3 -2
  102. package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
  103. package/dist/utils/Constants.mjs +7 -3
  104. package/dist/utils/Constants.mjs.map +1 -1
  105. package/dist/utils/FunctionWrappers.mjs +1 -1
  106. package/dist/utils/ProtocolUtils.mjs +12 -9
  107. package/dist/utils/ProtocolUtils.mjs.map +1 -1
  108. package/dist/utils/StringUtils.mjs +1 -1
  109. package/dist/utils/TimeUtils.mjs +1 -1
  110. package/dist/utils/UrlUtils.mjs +4 -4
  111. package/dist/utils/UrlUtils.mjs.map +1 -1
  112. package/dist-browser/account/AccountInfo.mjs +9 -3
  113. package/dist-browser/account/AccountInfo.mjs.map +1 -1
  114. package/dist-browser/account/AuthToken.mjs +9 -23
  115. package/dist-browser/account/AuthToken.mjs.map +1 -1
  116. package/dist-browser/account/CcsCredential.mjs +1 -1
  117. package/dist-browser/account/ClientInfo.mjs +4 -4
  118. package/dist-browser/account/ClientInfo.mjs.map +1 -1
  119. package/dist-browser/account/TokenClaims.mjs +1 -1
  120. package/dist-browser/authority/Authority.mjs +52 -50
  121. package/dist-browser/authority/Authority.mjs.map +1 -1
  122. package/dist-browser/authority/AuthorityFactory.mjs +3 -3
  123. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
  124. package/dist-browser/authority/AuthorityMetadata.mjs +8 -7
  125. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
  126. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  127. package/dist-browser/authority/AuthorityType.mjs +1 -1
  128. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  129. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  130. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  131. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  132. package/dist-browser/authority/RegionDiscovery.mjs +16 -10
  133. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
  134. package/dist-browser/cache/CacheManager.mjs +63 -47
  135. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  136. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  137. package/dist-browser/cache/utils/AccountEntityUtils.mjs +23 -7
  138. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
  139. package/dist-browser/cache/utils/CacheHelpers.mjs +12 -4
  140. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
  141. package/dist-browser/client/AuthorizationCodeClient.mjs +10 -10
  142. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
  143. package/dist-browser/client/RefreshTokenClient.mjs +9 -9
  144. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
  145. package/dist-browser/client/SilentFlowClient.mjs +11 -19
  146. package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
  147. package/dist-browser/config/ClientConfiguration.mjs +6 -5
  148. package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
  149. package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
  150. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
  151. package/dist-browser/crypto/ICrypto.mjs +11 -11
  152. package/dist-browser/crypto/ICrypto.mjs.map +1 -1
  153. package/dist-browser/crypto/JoseHeader.mjs +3 -3
  154. package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
  155. package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
  156. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
  157. package/dist-browser/error/AuthError.mjs +5 -7
  158. package/dist-browser/error/AuthError.mjs.map +1 -1
  159. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  160. package/dist-browser/error/CacheError.mjs +1 -1
  161. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  162. package/dist-browser/error/ClientAuthError.mjs +5 -5
  163. package/dist-browser/error/ClientAuthError.mjs.map +1 -1
  164. package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
  165. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
  166. package/dist-browser/error/ClientConfigurationError.mjs +5 -5
  167. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
  168. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  169. package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
  170. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
  171. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  172. package/dist-browser/error/JoseHeaderError.mjs +5 -5
  173. package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
  174. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  175. package/dist-browser/error/NetworkError.mjs +2 -2
  176. package/dist-browser/error/NetworkError.mjs.map +1 -1
  177. package/dist-browser/error/PlatformBrokerError.mjs +3 -3
  178. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
  179. package/dist-browser/error/ServerError.mjs +3 -3
  180. package/dist-browser/error/ServerError.mjs.map +1 -1
  181. package/dist-browser/index-browser.mjs +1 -1
  182. package/dist-browser/index.mjs +1 -1
  183. package/dist-browser/log-strings-mapping.json +2 -2
  184. package/dist-browser/logger/Logger.mjs +25 -11
  185. package/dist-browser/logger/Logger.mjs.map +1 -1
  186. package/dist-browser/network/INetworkModule.mjs +4 -3
  187. package/dist-browser/network/INetworkModule.mjs.map +1 -1
  188. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  189. package/dist-browser/network/ThrottlingUtils.mjs +2 -2
  190. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
  191. package/dist-browser/packageMetadata.mjs +2 -2
  192. package/dist-browser/protocol/Authorize.mjs +18 -14
  193. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  194. package/dist-browser/protocol/Token.mjs +5 -3
  195. package/dist-browser/protocol/Token.mjs.map +1 -1
  196. package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
  197. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
  198. package/dist-browser/request/BaseAuthRequest.mjs +3 -3
  199. package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
  200. package/dist-browser/request/RequestParameterBuilder.mjs +50 -31
  201. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  202. package/dist-browser/request/ScopeSet.mjs +13 -12
  203. package/dist-browser/request/ScopeSet.mjs.map +1 -1
  204. package/dist-browser/response/ResponseHandler.mjs +32 -29
  205. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  206. package/dist-browser/telemetry/performance/PerformanceClient.mjs +9 -9
  207. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
  208. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  209. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  210. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  211. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  212. package/dist-browser/url/UrlString.mjs +15 -14
  213. package/dist-browser/url/UrlString.mjs.map +1 -1
  214. package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
  215. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
  216. package/dist-browser/utils/Constants.mjs +7 -3
  217. package/dist-browser/utils/Constants.mjs.map +1 -1
  218. package/dist-browser/utils/FunctionWrappers.mjs +7 -7
  219. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
  220. package/dist-browser/utils/ProtocolUtils.mjs +12 -9
  221. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
  222. package/dist-browser/utils/StringUtils.mjs +1 -1
  223. package/dist-browser/utils/TimeUtils.mjs +1 -1
  224. package/dist-browser/utils/UrlUtils.mjs +6 -6
  225. package/dist-browser/utils/UrlUtils.mjs.map +1 -1
  226. package/lib/index-browser.cjs +8 -8
  227. package/lib/index-browser.cjs.map +1 -1
  228. package/lib/{index-node-7wFgJ2eB.js → index-node-BSFEsmmC.js} +407 -325
  229. package/lib/index-node-BSFEsmmC.js.map +1 -0
  230. package/lib/index-node.cjs +2 -2
  231. package/lib/index.cjs +2 -2
  232. package/package.json +3 -5
  233. package/src/account/AccountInfo.ts +19 -1
  234. package/src/account/AuthToken.ts +19 -21
  235. package/src/account/ClientCredentials.ts +1 -0
  236. package/src/account/ClientInfo.ts +8 -3
  237. package/src/authority/Authority.ts +73 -38
  238. package/src/authority/AuthorityFactory.ts +4 -2
  239. package/src/authority/AuthorityMetadata.ts +2 -1
  240. package/src/authority/RegionDiscovery.ts +18 -11
  241. package/src/cache/CacheManager.ts +160 -57
  242. package/src/cache/entities/AccountEntity.ts +4 -0
  243. package/src/cache/entities/CredentialEntity.ts +2 -0
  244. package/src/cache/interface/ICacheManager.ts +1 -0
  245. package/src/cache/utils/AccountEntityUtils.ts +29 -3
  246. package/src/cache/utils/CacheHelpers.ts +18 -3
  247. package/src/cache/utils/CacheTypes.ts +2 -0
  248. package/src/client/AuthorizationCodeClient.ts +10 -4
  249. package/src/client/RefreshTokenClient.ts +12 -5
  250. package/src/client/SilentFlowClient.ts +17 -20
  251. package/src/config/ClientConfiguration.ts +14 -4
  252. package/src/constants/AADServerParamKeys.ts +5 -0
  253. package/src/crypto/ICrypto.ts +40 -10
  254. package/src/crypto/JoseHeader.ts +8 -2
  255. package/src/crypto/PopTokenGenerator.ts +1 -1
  256. package/src/error/AuthError.ts +9 -5
  257. package/src/error/ClientAuthError.ts +8 -3
  258. package/src/error/ClientAuthErrorCodes.ts +0 -2
  259. package/src/error/ClientConfigurationError.ts +5 -4
  260. package/src/error/InteractionRequiredAuthError.ts +9 -5
  261. package/src/error/JoseHeaderError.ts +11 -4
  262. package/src/error/NetworkError.ts +6 -1
  263. package/src/error/PlatformBrokerError.ts +2 -1
  264. package/src/error/ServerError.ts +3 -2
  265. package/src/logger/Logger.ts +25 -10
  266. package/src/network/INetworkModule.ts +3 -2
  267. package/src/network/ThrottlingUtils.ts +1 -0
  268. package/src/packageMetadata.ts +1 -1
  269. package/src/protocol/Authorize.ts +23 -6
  270. package/src/protocol/Token.ts +6 -1
  271. package/src/request/AuthenticationHeaderParser.ts +6 -3
  272. package/src/request/BaseAuthRequest.ts +8 -2
  273. package/src/request/RequestParameterBuilder.ts +67 -43
  274. package/src/request/ScopeSet.ts +27 -11
  275. package/src/response/ImdsComputeResponse.ts +14 -0
  276. package/src/response/ResponseHandler.ts +46 -32
  277. package/src/url/UrlString.ts +32 -13
  278. package/src/utils/ClientAssertionUtils.ts +3 -1
  279. package/src/utils/Constants.ts +6 -3
  280. package/src/utils/ProtocolUtils.ts +26 -8
  281. package/src/utils/UrlUtils.ts +8 -3
  282. package/types/account/AccountInfo.d.ts +8 -2
  283. package/types/account/AccountInfo.d.ts.map +1 -1
  284. package/types/account/AuthToken.d.ts +2 -6
  285. package/types/account/AuthToken.d.ts.map +1 -1
  286. package/types/account/ClientCredentials.d.ts +1 -0
  287. package/types/account/ClientCredentials.d.ts.map +1 -1
  288. package/types/account/ClientInfo.d.ts.map +1 -1
  289. package/types/authority/Authority.d.ts +5 -5
  290. package/types/authority/Authority.d.ts.map +1 -1
  291. package/types/authority/AuthorityFactory.d.ts.map +1 -1
  292. package/types/authority/AuthorityMetadata.d.ts.map +1 -1
  293. package/types/authority/RegionDiscovery.d.ts +3 -2
  294. package/types/authority/RegionDiscovery.d.ts.map +1 -1
  295. package/types/cache/CacheManager.d.ts +0 -7
  296. package/types/cache/CacheManager.d.ts.map +1 -1
  297. package/types/cache/entities/AccountEntity.d.ts +4 -0
  298. package/types/cache/entities/AccountEntity.d.ts.map +1 -1
  299. package/types/cache/entities/CredentialEntity.d.ts +2 -0
  300. package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  301. package/types/cache/interface/ICacheManager.d.ts +1 -0
  302. package/types/cache/interface/ICacheManager.d.ts.map +1 -1
  303. package/types/cache/utils/AccountEntityUtils.d.ts +7 -1
  304. package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
  305. package/types/cache/utils/CacheHelpers.d.ts +4 -1
  306. package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
  307. package/types/cache/utils/CacheTypes.d.ts +2 -1
  308. package/types/cache/utils/CacheTypes.d.ts.map +1 -1
  309. package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  310. package/types/client/RefreshTokenClient.d.ts.map +1 -1
  311. package/types/client/SilentFlowClient.d.ts.map +1 -1
  312. package/types/config/ClientConfiguration.d.ts +4 -0
  313. package/types/config/ClientConfiguration.d.ts.map +1 -1
  314. package/types/constants/AADServerParamKeys.d.ts +4 -0
  315. package/types/constants/AADServerParamKeys.d.ts.map +1 -1
  316. package/types/crypto/ICrypto.d.ts.map +1 -1
  317. package/types/crypto/JoseHeader.d.ts.map +1 -1
  318. package/types/error/AuthError.d.ts +2 -3
  319. package/types/error/AuthError.d.ts.map +1 -1
  320. package/types/error/ClientAuthError.d.ts +2 -2
  321. package/types/error/ClientAuthError.d.ts.map +1 -1
  322. package/types/error/ClientAuthErrorCodes.d.ts +0 -2
  323. package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
  324. package/types/error/ClientConfigurationError.d.ts +2 -2
  325. package/types/error/ClientConfigurationError.d.ts.map +1 -1
  326. package/types/error/InteractionRequiredAuthError.d.ts +2 -2
  327. package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
  328. package/types/error/JoseHeaderError.d.ts +2 -2
  329. package/types/error/JoseHeaderError.d.ts.map +1 -1
  330. package/types/error/NetworkError.d.ts.map +1 -1
  331. package/types/error/PlatformBrokerError.d.ts +1 -1
  332. package/types/error/PlatformBrokerError.d.ts.map +1 -1
  333. package/types/error/ServerError.d.ts +1 -1
  334. package/types/error/ServerError.d.ts.map +1 -1
  335. package/types/logger/Logger.d.ts.map +1 -1
  336. package/types/network/INetworkModule.d.ts.map +1 -1
  337. package/types/network/ThrottlingUtils.d.ts.map +1 -1
  338. package/types/packageMetadata.d.ts +1 -1
  339. package/types/packageMetadata.d.ts.map +1 -1
  340. package/types/protocol/Authorize.d.ts +6 -2
  341. package/types/protocol/Authorize.d.ts.map +1 -1
  342. package/types/protocol/Token.d.ts +2 -0
  343. package/types/protocol/Token.d.ts.map +1 -1
  344. package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
  345. package/types/request/BaseAuthRequest.d.ts +4 -0
  346. package/types/request/BaseAuthRequest.d.ts.map +1 -1
  347. package/types/request/RequestParameterBuilder.d.ts +13 -3
  348. package/types/request/RequestParameterBuilder.d.ts.map +1 -1
  349. package/types/request/ScopeSet.d.ts +4 -3
  350. package/types/request/ScopeSet.d.ts.map +1 -1
  351. package/types/response/ImdsComputeResponse.d.ts +10 -0
  352. package/types/response/ImdsComputeResponse.d.ts.map +1 -0
  353. package/types/response/ResponseHandler.d.ts +2 -1
  354. package/types/response/ResponseHandler.d.ts.map +1 -1
  355. package/types/url/UrlString.d.ts +5 -4
  356. package/types/url/UrlString.d.ts.map +1 -1
  357. package/types/utils/ClientAssertionUtils.d.ts +1 -1
  358. package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
  359. package/types/utils/Constants.d.ts +6 -2
  360. package/types/utils/Constants.d.ts.map +1 -1
  361. package/types/utils/ProtocolUtils.d.ts +6 -3
  362. package/types/utils/ProtocolUtils.d.ts.map +1 -1
  363. package/types/utils/UrlUtils.d.ts.map +1 -1
  364. package/lib/index-node-7wFgJ2eB.js.map +0 -1
@@ -34,6 +34,7 @@ import { ServerError } from "../error/ServerError.js";
34
34
  * @param logger
35
35
  * @param performanceClient
36
36
  * @returns
37
+ * @internal
37
38
  */
38
39
  export function getStandardAuthorizeRequestParameters(
39
40
  authOptions: AuthOptions,
@@ -60,6 +61,7 @@ export function getStandardAuthorizeRequestParameters(
60
61
  RequestParameterBuilder.addScopes(
61
62
  parameters,
62
63
  requestScopes,
64
+ request.correlationId,
63
65
  true,
64
66
  authOptions.authority.options.OIDCOptions?.defaultScopes
65
67
  );
@@ -248,6 +250,7 @@ export function getStandardAuthorizeRequestParameters(
248
250
 
249
251
  RequestParameterBuilder.addClaims(
250
252
  parameters,
253
+ request.correlationId,
251
254
  request.claims,
252
255
  authOptions.clientCapabilities,
253
256
  request.skipBrokerClaims
@@ -272,6 +275,7 @@ export function getStandardAuthorizeRequestParameters(
272
275
  * @param authority
273
276
  * @param requestParameters
274
277
  * @returns
278
+ * @internal
275
279
  */
276
280
  export function getAuthorizeUrl(
277
281
  authority: Authority,
@@ -289,18 +293,21 @@ export function getAuthorizeUrl(
289
293
  * the client to exchange for a token in acquireToken.
290
294
  * @param serverParams
291
295
  * @param cachedState
296
+ * @param correlationId
292
297
  */
293
298
  export function getAuthorizationCodePayload(
294
299
  serverParams: AuthorizeResponse,
295
- cachedState: string
300
+ cachedState: string,
301
+ correlationId: string
296
302
  ): AuthorizationCodePayload {
297
303
  // Get code response
298
- validateAuthorizationResponse(serverParams, cachedState);
304
+ validateAuthorizationResponse(serverParams, cachedState, correlationId);
299
305
 
300
306
  // throw when there is no auth code in the response
301
307
  if (!serverParams.code) {
302
308
  throw createClientAuthError(
303
- ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse
309
+ ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse,
310
+ correlationId
304
311
  );
305
312
  }
306
313
 
@@ -311,19 +318,23 @@ export function getAuthorizationCodePayload(
311
318
  * Function which validates server authorization code response.
312
319
  * @param serverResponseHash
313
320
  * @param requestState
321
+ * @param correlationId
314
322
  */
315
323
  export function validateAuthorizationResponse(
316
324
  serverResponse: AuthorizeResponse,
317
- requestState: string
325
+ requestState: string,
326
+ correlationId: string
318
327
  ): void {
319
328
  if (!serverResponse.state || !requestState) {
320
329
  throw serverResponse.state
321
330
  ? createClientAuthError(
322
331
  ClientAuthErrorCodes.stateNotFound,
332
+ correlationId,
323
333
  "Cached State"
324
334
  )
325
335
  : createClientAuthError(
326
336
  ClientAuthErrorCodes.stateNotFound,
337
+ correlationId,
327
338
  "Server State"
328
339
  );
329
340
  }
@@ -336,6 +347,7 @@ export function validateAuthorizationResponse(
336
347
  } catch (e) {
337
348
  throw createClientAuthError(
338
349
  ClientAuthErrorCodes.invalidState,
350
+ correlationId,
339
351
  serverResponse.state
340
352
  );
341
353
  }
@@ -345,12 +357,16 @@ export function validateAuthorizationResponse(
345
357
  } catch (e) {
346
358
  throw createClientAuthError(
347
359
  ClientAuthErrorCodes.invalidState,
360
+ correlationId,
348
361
  serverResponse.state
349
362
  );
350
363
  }
351
364
 
352
365
  if (decodedServerResponseState !== decodedRequestState) {
353
- throw createClientAuthError(ClientAuthErrorCodes.stateMismatch);
366
+ throw createClientAuthError(
367
+ ClientAuthErrorCodes.stateMismatch,
368
+ correlationId
369
+ );
354
370
  }
355
371
 
356
372
  // Check for error
@@ -369,11 +385,11 @@ export function validateAuthorizationResponse(
369
385
  ) {
370
386
  throw new InteractionRequiredAuthError(
371
387
  serverResponse.error || "",
388
+ serverResponse.correlation_id || correlationId,
372
389
  serverResponse.error_description,
373
390
  serverResponse.suberror,
374
391
  serverResponse.timestamp || "",
375
392
  serverResponse.trace_id || "",
376
- serverResponse.correlation_id || "",
377
393
  serverResponse.claims || "",
378
394
  serverErrorNo
379
395
  );
@@ -381,6 +397,7 @@ export function validateAuthorizationResponse(
381
397
 
382
398
  throw new ServerError(
383
399
  serverResponse.error || "",
400
+ serverResponse.correlation_id || correlationId,
384
401
  serverResponse.error_description,
385
402
  serverResponse.suberror,
386
403
  serverErrorNo
@@ -108,6 +108,7 @@ export function createTokenQueryParameters(
108
108
  * @param queryString
109
109
  * @param headers
110
110
  * @param thumbprint
111
+ * @internal
111
112
  */
112
113
  export async function executePostToTokenEndpoint(
113
114
  tokenEndpoint: string,
@@ -154,6 +155,7 @@ export async function executePostToTokenEndpoint(
154
155
  * @param networkClient - Network module instance
155
156
  * @param logger - Logger instance
156
157
  * @param performanceClient - Performance client instance
158
+ * @internal
157
159
  */
158
160
  export async function sendPostRequest<
159
161
  T extends ServerAuthorizationTokenResponse
@@ -215,7 +217,10 @@ export async function sendPostRequest<
215
217
  if (e instanceof AuthError) {
216
218
  throw e;
217
219
  } else {
218
- throw createClientAuthError(ClientAuthErrorCodes.networkError);
220
+ throw createClientAuthError(
221
+ ClientAuthErrorCodes.networkError,
222
+ correlationId
223
+ );
219
224
  }
220
225
  }
221
226
 
@@ -44,7 +44,8 @@ export class AuthenticationHeaderParser {
44
44
  return authenticationInfoChallenges.nextnonce;
45
45
  }
46
46
  throw createClientConfigurationError(
47
- ClientConfigurationErrorCodes.invalidAuthenticationHeader
47
+ ClientConfigurationErrorCodes.invalidAuthenticationHeader,
48
+ ""
48
49
  );
49
50
  }
50
51
 
@@ -59,13 +60,15 @@ export class AuthenticationHeaderParser {
59
60
  return wwwAuthenticateChallenges.nonce;
60
61
  }
61
62
  throw createClientConfigurationError(
62
- ClientConfigurationErrorCodes.invalidAuthenticationHeader
63
+ ClientConfigurationErrorCodes.invalidAuthenticationHeader,
64
+ ""
63
65
  );
64
66
  }
65
67
 
66
68
  // If neither header is present, throw missing headers error
67
69
  throw createClientConfigurationError(
68
- ClientConfigurationErrorCodes.missingNonceAuthenticationHeader
70
+ ClientConfigurationErrorCodes.missingNonceAuthenticationHeader,
71
+ ""
69
72
  );
70
73
  }
71
74
 
@@ -69,6 +69,10 @@ export type BaseAuthRequest = {
69
69
  azureCloudOptions?: AzureCloudOptions;
70
70
  /**
71
71
  * Maximum allowed age, in milliseconds, of the user's authentication before a new sign-in is required.
72
+ * @deprecated This option no longer has any effect and will be removed in a future major version.
73
+ * MSAL does not validate the authentication age of returned tokens. To enforce the OIDC `max_age`
74
+ * parameter, send it via `extraQueryParameters` and validate the `auth_time` claim of the returned
75
+ * token yourself.
72
76
  */
73
77
  maxAge?: number;
74
78
  /**
@@ -130,13 +134,15 @@ export function enforceResourceParameter(
130
134
  containsResourceParam(request.extraQueryParameters))
131
135
  ) {
132
136
  throw createClientAuthError(
133
- ClientAuthErrorCodes.misplacedResourceParam
137
+ ClientAuthErrorCodes.misplacedResourceParam,
138
+ request.correlationId || ""
134
139
  );
135
140
  }
136
141
 
137
142
  if (!request.resource) {
138
143
  throw createClientAuthError(
139
- ClientAuthErrorCodes.resourceParameterRequired
144
+ ClientAuthErrorCodes.resourceParameterRequired,
145
+ request.correlationId || ""
140
146
  );
141
147
  }
142
148
  }
@@ -18,7 +18,6 @@ import {
18
18
  import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
19
19
  import { ClientInfo } from "../account/ClientInfo.js";
20
20
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
21
- import { StringUtils } from "../utils/StringUtils.js";
22
21
 
23
22
  export function instrumentBrokerParams(
24
23
  parameters: Map<string, string>,
@@ -84,6 +83,7 @@ export function addNativeBroker(parameters: Map<string, string>): void {
84
83
  export function addScopes(
85
84
  parameters: Map<string, string>,
86
85
  scopes: string[],
86
+ correlationId: string,
87
87
  addOidcScopes: boolean = true,
88
88
  defaultScopes: Array<string> = Constants.OIDC_DEFAULT_SCOPES
89
89
  ): void {
@@ -98,7 +98,7 @@ export function addScopes(
98
98
  const requestScopes = addOidcScopes
99
99
  ? [...(scopes || []), ...defaultScopes]
100
100
  : scopes || [];
101
- const scopeSet = new ScopeSet(requestScopes);
101
+ const scopeSet = new ScopeSet(requestScopes, correlationId);
102
102
  parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
103
103
  }
104
104
 
@@ -205,12 +205,14 @@ export function addSid(parameters: Map<string, string>, sid: string): void {
205
205
  * Adds claims to request parameters, conditionally excluding clientCapabilities
206
206
  * when skipBrokerClaims is true and a brokered flow is in effect.
207
207
  * @param parameters - The request parameters map
208
+ * @param correlationId - The request correlation id
208
209
  * @param claims - The claims string from the request
209
210
  * @param clientCapabilities - The client capabilities from configuration
210
211
  * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
211
212
  */
212
213
  export function addClaims(
213
214
  parameters: Map<string, string>,
215
+ correlationId: string,
214
216
  claims?: string,
215
217
  clientCapabilities?: Array<string>,
216
218
  skipBrokerClaims?: boolean
@@ -221,23 +223,8 @@ export function addClaims(
221
223
  ? undefined
222
224
  : clientCapabilities;
223
225
 
224
- if (
225
- !StringUtils.isEmptyObj(claims) ||
226
- (configClaims && configClaims.length > 0)
227
- ) {
228
- const mergedClaims = addClientCapabilitiesToClaims(
229
- claims,
230
- configClaims
231
- );
232
- try {
233
- JSON.parse(mergedClaims);
234
- } catch (e) {
235
- throw createClientConfigurationError(
236
- ClientConfigurationErrorCodes.invalidClaims
237
- );
238
- }
239
- parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
240
- }
226
+ const mergedClaims = buildMergedClaims(claims, configClaims, correlationId);
227
+ parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
241
228
  }
242
229
 
243
230
  /**
@@ -335,7 +322,8 @@ export function addCodeChallengeParams(
335
322
  );
336
323
  } else {
337
324
  throw createClientConfigurationError(
338
- ClientConfigurationErrorCodes.pkceParamsMissing
325
+ ClientConfigurationErrorCodes.pkceParamsMissing,
326
+ ""
339
327
  );
340
328
  }
341
329
  }
@@ -493,9 +481,27 @@ export function addExtraParameters(
493
481
  });
494
482
  }
495
483
 
496
- export function addClientCapabilitiesToClaims(
484
+ /**
485
+ * Default optional idToken claims requested on all auth requests.
486
+ * signin_state enables KMSI detection; login_hint enables login hint propagation.
487
+ */
488
+ const DEFAULT_ID_TOKEN_CLAIMS: Record<string, { essential: false }> = {
489
+ [Constants.ClaimsRequestKeys.SIGNIN_STATE]: { essential: false },
490
+ [Constants.ClaimsRequestKeys.LOGIN_HINT]: { essential: false },
491
+ };
492
+
493
+ /**
494
+ * Parses claims JSON, merges default optional idToken claims (signin_state, login_hint),
495
+ * and appends client capabilities (xms_cc) to the access_token section.
496
+ * Does not overwrite idToken claims already specified by the caller.
497
+ * @param claims - Existing claims JSON string from the request (may be undefined)
498
+ * @param clientCapabilities - Client capabilities array from configuration
499
+ * @returns Merged claims JSON string
500
+ */
501
+ export function buildMergedClaims(
497
502
  claims?: string,
498
- clientCapabilities?: Array<string>
503
+ clientCapabilities?: Array<string>,
504
+ correlationId: string = ""
499
505
  ): string {
500
506
  let mergedClaims: object;
501
507
 
@@ -504,17 +510,44 @@ export function addClientCapabilitiesToClaims(
504
510
  mergedClaims = {};
505
511
  } else {
506
512
  try {
507
- mergedClaims = JSON.parse(claims);
513
+ const parsed = JSON.parse(claims);
514
+ if (
515
+ typeof parsed !== "object" ||
516
+ parsed === null ||
517
+ Array.isArray(parsed)
518
+ ) {
519
+ throw new Error("Claims must be a JSON object");
520
+ }
521
+ mergedClaims = parsed;
508
522
  } catch (e) {
509
523
  throw createClientConfigurationError(
510
- ClientConfigurationErrorCodes.invalidClaims
524
+ ClientConfigurationErrorCodes.invalidClaims,
525
+ correlationId
511
526
  );
512
527
  }
513
528
  }
514
529
 
530
+ // Add default optional idToken claims
531
+ if (
532
+ !Object.prototype.hasOwnProperty.call(
533
+ mergedClaims,
534
+ Constants.ClaimsRequestKeys.ID_TOKEN
535
+ )
536
+ ) {
537
+ mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN] = {};
538
+ }
539
+ const idTokenClaims = mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN];
540
+ for (const [key, value] of Object.entries(DEFAULT_ID_TOKEN_CLAIMS)) {
541
+ if (!(key in idTokenClaims)) {
542
+ idTokenClaims[key] = value;
543
+ }
544
+ }
545
+
546
+ // Add client capabilities
515
547
  if (clientCapabilities && clientCapabilities.length > 0) {
516
548
  if (
517
- !mergedClaims.hasOwnProperty(
549
+ !Object.prototype.hasOwnProperty.call(
550
+ mergedClaims,
518
551
  Constants.ClaimsRequestKeys.ACCESS_TOKEN
519
552
  )
520
553
  ) {
@@ -591,29 +624,20 @@ export function addSshJwk(
591
624
  /**
592
625
  * add server telemetry fields
593
626
  * @param serverTelemetryManager
627
+ * @internal
594
628
  */
595
629
  export function addServerTelemetry(
596
630
  parameters: Map<string, string>,
597
631
  serverTelemetryManager: ServerTelemetryManager
598
632
  ): void {
599
- const currentTelemetryHeader =
600
- serverTelemetryManager.generateCurrentRequestHeaderValue();
601
- const lastTelemetryHeader =
602
- serverTelemetryManager.generateLastRequestHeaderValue();
603
-
604
- if (currentTelemetryHeader) {
605
- parameters.set(
606
- AADServerParamKeys.X_CLIENT_CURR_TELEM,
607
- currentTelemetryHeader
608
- );
609
- }
610
-
611
- if (lastTelemetryHeader) {
612
- parameters.set(
613
- AADServerParamKeys.X_CLIENT_LAST_TELEM,
614
- lastTelemetryHeader
615
- );
616
- }
633
+ parameters.set(
634
+ AADServerParamKeys.X_CLIENT_CURR_TELEM,
635
+ serverTelemetryManager.generateCurrentRequestHeaderValue()
636
+ );
637
+ parameters.set(
638
+ AADServerParamKeys.X_CLIENT_LAST_TELEM,
639
+ serverTelemetryManager.generateLastRequestHeaderValue()
640
+ );
617
641
  }
618
642
 
619
643
  /**
@@ -26,8 +26,10 @@ import {
26
26
  export class ScopeSet {
27
27
  // Scopes as a Set of strings
28
28
  private scopes: Set<string>;
29
+ private correlationId: string;
29
30
 
30
- constructor(inputScopes: Array<string>) {
31
+ constructor(inputScopes: Array<string>, correlationId: string) {
32
+ this.correlationId = correlationId;
31
33
  // Filter empty string and null/undefined array items
32
34
  const scopeArr = inputScopes
33
35
  ? StringUtils.trimArrayEntries([...inputScopes])
@@ -39,7 +41,8 @@ export class ScopeSet {
39
41
  // Check if scopes array has at least one member
40
42
  if (!filteredInput || !filteredInput.length) {
41
43
  throw createClientConfigurationError(
42
- ClientConfigurationErrorCodes.emptyInputScopesError
44
+ ClientConfigurationErrorCodes.emptyInputScopesError,
45
+ correlationId
43
46
  );
44
47
  }
45
48
 
@@ -53,10 +56,13 @@ export class ScopeSet {
53
56
  * @param appClientId
54
57
  * @param scopesRequired
55
58
  */
56
- static fromString(inputScopeString: string): ScopeSet {
59
+ static fromString(
60
+ inputScopeString: string,
61
+ correlationId: string
62
+ ): ScopeSet {
57
63
  const scopeString = inputScopeString || "";
58
64
  const inputScopes: Array<string> = scopeString.split(" ");
59
- return new ScopeSet(inputScopes);
65
+ return new ScopeSet(inputScopes, correlationId);
60
66
  }
61
67
 
62
68
  /**
@@ -64,14 +70,17 @@ export class ScopeSet {
64
70
  * @param inputScopeString
65
71
  * @returns
66
72
  */
67
- static createSearchScopes(inputScopeString: Array<string>): ScopeSet {
73
+ static createSearchScopes(
74
+ inputScopeString: Array<string>,
75
+ correlationId: string
76
+ ): ScopeSet {
68
77
  // Handle empty scopes by using default OIDC scopes for cache lookup
69
78
  const scopesToUse =
70
79
  inputScopeString && inputScopeString.length > 0
71
80
  ? inputScopeString
72
81
  : [...OIDC_DEFAULT_SCOPES];
73
82
 
74
- const scopeSet = new ScopeSet(scopesToUse);
83
+ const scopeSet = new ScopeSet(scopesToUse, correlationId);
75
84
  if (!scopeSet.containsOnlyOIDCScopes()) {
76
85
  scopeSet.removeOIDCScopes();
77
86
  } else {
@@ -87,7 +96,10 @@ export class ScopeSet {
87
96
  */
88
97
  containsScope(scope: string): boolean {
89
98
  const lowerCaseScopes = this.printScopesLowerCase().split(" ");
90
- const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);
99
+ const lowerCaseScopesSet = new ScopeSet(
100
+ lowerCaseScopes,
101
+ this.correlationId
102
+ );
91
103
  // compare lowercase scopes
92
104
  return scope
93
105
  ? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
@@ -142,7 +154,8 @@ export class ScopeSet {
142
154
  newScopes.forEach((newScope) => this.appendScope(newScope));
143
155
  } catch (e) {
144
156
  throw createClientAuthError(
145
- ClientAuthErrorCodes.cannotAppendScopeSet
157
+ ClientAuthErrorCodes.cannotAppendScopeSet,
158
+ this.correlationId
146
159
  );
147
160
  }
148
161
  }
@@ -154,7 +167,8 @@ export class ScopeSet {
154
167
  removeScope(scope: string): void {
155
168
  if (!scope) {
156
169
  throw createClientAuthError(
157
- ClientAuthErrorCodes.cannotRemoveEmptyScope
170
+ ClientAuthErrorCodes.cannotRemoveEmptyScope,
171
+ this.correlationId
158
172
  );
159
173
  }
160
174
  this.scopes.delete(scope.trim());
@@ -177,7 +191,8 @@ export class ScopeSet {
177
191
  unionScopeSets(otherScopes: ScopeSet): Set<string> {
178
192
  if (!otherScopes) {
179
193
  throw createClientAuthError(
180
- ClientAuthErrorCodes.emptyInputScopeSet
194
+ ClientAuthErrorCodes.emptyInputScopeSet,
195
+ this.correlationId
181
196
  );
182
197
  }
183
198
  const unionScopes = new Set<string>(); // Iterator in constructor not supported in IE11
@@ -195,7 +210,8 @@ export class ScopeSet {
195
210
  intersectingScopeSets(otherScopes: ScopeSet): boolean {
196
211
  if (!otherScopes) {
197
212
  throw createClientAuthError(
198
- ClientAuthErrorCodes.emptyInputScopeSet
213
+ ClientAuthErrorCodes.emptyInputScopeSet,
214
+ this.correlationId
199
215
  );
200
216
  }
201
217
 
@@ -0,0 +1,14 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ /**
7
+ * Response body returned by the IMDS compute metadata endpoint
8
+ * (http://169.254.169.254/metadata/instance/compute). Only the `location`
9
+ * field is used for region auto-discovery. `location` is optional because the
10
+ * IMDS response can legitimately omit it or return `null`.
11
+ */
12
+ export type ImdsComputeResponse = {
13
+ location?: string;
14
+ };