@azure/msal-common 16.9.0 → 16.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +9 -3
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +9 -23
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/CcsCredential.mjs.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -4
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/account/TokenClaims.mjs.map +1 -1
- package/dist/authority/Authority.mjs +36 -37
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +3 -3
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +2 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/AuthorityType.mjs.map +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +16 -10
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.mjs +62 -46
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -5
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +7 -7
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +8 -8
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +10 -18
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.mjs +3 -3
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +7 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +11 -11
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +3 -3
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -2
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +5 -7
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +5 -5
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +5 -5
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +5 -5
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +2 -2
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -3
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +3 -3
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/index-node.mjs +53 -53
- package/dist/index.mjs +59 -59
- package/dist/logger/Logger.mjs +1 -1
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +4 -3
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +2 -2
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +16 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.mjs +2 -2
- package/dist/protocol/Token.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.mjs +3 -3
- package/dist/request/BaseAuthRequest.mjs.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +51 -33
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +13 -12
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +29 -27
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.mjs +15 -14
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +3 -2
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.mjs +7 -3
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +12 -9
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs.map +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.mjs +4 -4
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/dist-browser/account/AccountInfo.mjs +9 -3
- package/dist-browser/account/AccountInfo.mjs.map +1 -1
- package/dist-browser/account/AuthToken.mjs +9 -23
- package/dist-browser/account/AuthToken.mjs.map +1 -1
- package/dist-browser/account/CcsCredential.mjs +1 -1
- package/dist-browser/account/CcsCredential.mjs.map +1 -1
- package/dist-browser/account/ClientInfo.mjs +4 -4
- package/dist-browser/account/ClientInfo.mjs.map +1 -1
- package/dist-browser/account/TokenClaims.mjs +1 -1
- package/dist-browser/account/TokenClaims.mjs.map +1 -1
- package/dist-browser/authority/Authority.mjs +36 -37
- package/dist-browser/authority/Authority.mjs.map +1 -1
- package/dist-browser/authority/AuthorityFactory.mjs +3 -3
- package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
- package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
- package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
- package/dist-browser/authority/AuthorityType.mjs +1 -1
- package/dist-browser/authority/AuthorityType.mjs.map +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
- package/dist-browser/authority/RegionDiscovery.mjs +16 -10
- package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
- package/dist-browser/cache/CacheManager.mjs +62 -46
- package/dist-browser/cache/CacheManager.mjs.map +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
- package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
- package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
- package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist-browser/client/RefreshTokenClient.mjs +8 -8
- package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
- package/dist-browser/client/SilentFlowClient.mjs +10 -18
- package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
- package/dist-browser/config/ClientConfiguration.mjs +3 -3
- package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
- package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
- package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist-browser/crypto/ICrypto.mjs +11 -11
- package/dist-browser/crypto/ICrypto.mjs.map +1 -1
- package/dist-browser/crypto/JoseHeader.mjs +3 -3
- package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
- package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
- package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist-browser/error/AuthError.mjs +5 -7
- package/dist-browser/error/AuthError.mjs.map +1 -1
- package/dist-browser/error/AuthErrorCodes.mjs +1 -1
- package/dist-browser/error/CacheError.mjs +1 -1
- package/dist-browser/error/CacheError.mjs.map +1 -1
- package/dist-browser/error/CacheErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientAuthError.mjs +5 -5
- package/dist-browser/error/ClientAuthError.mjs.map +1 -1
- package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationError.mjs +5 -5
- package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/JoseHeaderError.mjs +5 -5
- package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
- package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist-browser/error/NetworkError.mjs +2 -2
- package/dist-browser/error/NetworkError.mjs.map +1 -1
- package/dist-browser/error/PlatformBrokerError.mjs +3 -3
- package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
- package/dist-browser/error/ServerError.mjs +3 -3
- package/dist-browser/error/ServerError.mjs.map +1 -1
- package/dist-browser/index-browser.mjs +55 -55
- package/dist-browser/index.mjs +59 -59
- package/dist-browser/log-strings-mapping.json +2 -2
- package/dist-browser/logger/Logger.mjs +1 -1
- package/dist-browser/logger/Logger.mjs.map +1 -1
- package/dist-browser/network/INetworkModule.mjs +4 -3
- package/dist-browser/network/INetworkModule.mjs.map +1 -1
- package/dist-browser/network/RequestThumbprint.mjs +1 -1
- package/dist-browser/network/ThrottlingUtils.mjs +2 -2
- package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
- package/dist-browser/packageMetadata.mjs +2 -2
- package/dist-browser/protocol/Authorize.mjs +16 -14
- package/dist-browser/protocol/Authorize.mjs.map +1 -1
- package/dist-browser/protocol/Token.mjs +2 -2
- package/dist-browser/protocol/Token.mjs.map +1 -1
- package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist-browser/request/BaseAuthRequest.mjs +3 -3
- package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
- package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
- package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist-browser/request/ScopeSet.mjs +13 -12
- package/dist-browser/request/ScopeSet.mjs.map +1 -1
- package/dist-browser/response/ResponseHandler.mjs +29 -27
- package/dist-browser/response/ResponseHandler.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist-browser/url/UrlString.mjs +15 -14
- package/dist-browser/url/UrlString.mjs.map +1 -1
- package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
- package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist-browser/utils/Constants.mjs +7 -3
- package/dist-browser/utils/Constants.mjs.map +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
- package/dist-browser/utils/ProtocolUtils.mjs +12 -9
- package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
- package/dist-browser/utils/StringUtils.mjs +1 -1
- package/dist-browser/utils/StringUtils.mjs.map +1 -1
- package/dist-browser/utils/TimeUtils.mjs +1 -1
- package/dist-browser/utils/TimeUtils.mjs.map +1 -1
- package/dist-browser/utils/UrlUtils.mjs +4 -4
- package/dist-browser/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +8 -8
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-CcOYLhxB.js → index-node-BSFEsmmC.js} +364 -312
- package/lib/index-node-BSFEsmmC.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/package.json +1 -1
- package/src/account/AccountInfo.ts +19 -1
- package/src/account/AuthToken.ts +19 -21
- package/src/account/ClientCredentials.ts +1 -0
- package/src/account/ClientInfo.ts +8 -3
- package/src/authority/Authority.ts +72 -37
- package/src/authority/AuthorityFactory.ts +4 -2
- package/src/authority/AuthorityMetadata.ts +2 -1
- package/src/authority/RegionDiscovery.ts +18 -11
- package/src/cache/CacheManager.ts +160 -57
- package/src/cache/entities/AccountEntity.ts +4 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/utils/AccountEntityUtils.ts +23 -3
- package/src/cache/utils/CacheHelpers.ts +15 -3
- package/src/cache/utils/CacheTypes.ts +2 -0
- package/src/client/AuthorizationCodeClient.ts +10 -4
- package/src/client/RefreshTokenClient.ts +12 -5
- package/src/client/SilentFlowClient.ts +17 -20
- package/src/config/ClientConfiguration.ts +8 -2
- package/src/constants/AADServerParamKeys.ts +5 -0
- package/src/crypto/ICrypto.ts +40 -10
- package/src/crypto/JoseHeader.ts +8 -2
- package/src/crypto/PopTokenGenerator.ts +1 -1
- package/src/error/AuthError.ts +9 -5
- package/src/error/ClientAuthError.ts +8 -3
- package/src/error/ClientAuthErrorCodes.ts +0 -2
- package/src/error/ClientConfigurationError.ts +5 -4
- package/src/error/InteractionRequiredAuthError.ts +9 -5
- package/src/error/JoseHeaderError.ts +11 -4
- package/src/error/NetworkError.ts +6 -1
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/error/ServerError.ts +3 -2
- package/src/network/INetworkModule.ts +3 -2
- package/src/network/ThrottlingUtils.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +21 -6
- package/src/protocol/Token.ts +4 -1
- package/src/request/AuthenticationHeaderParser.ts +6 -3
- package/src/request/BaseAuthRequest.ts +8 -2
- package/src/request/RequestParameterBuilder.ts +66 -43
- package/src/request/ScopeSet.ts +27 -11
- package/src/response/ImdsComputeResponse.ts +14 -0
- package/src/response/ResponseHandler.ts +45 -32
- package/src/url/UrlString.ts +32 -13
- package/src/utils/ClientAssertionUtils.ts +3 -1
- package/src/utils/Constants.ts +6 -3
- package/src/utils/ProtocolUtils.ts +26 -8
- package/src/utils/UrlUtils.ts +8 -3
- package/types/account/AccountInfo.d.ts +8 -2
- package/types/account/AccountInfo.d.ts.map +1 -1
- package/types/account/AuthToken.d.ts +2 -6
- package/types/account/AuthToken.d.ts.map +1 -1
- package/types/account/ClientCredentials.d.ts +1 -0
- package/types/account/ClientCredentials.d.ts.map +1 -1
- package/types/account/ClientInfo.d.ts.map +1 -1
- package/types/authority/Authority.d.ts +4 -4
- package/types/authority/Authority.d.ts.map +1 -1
- package/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/types/authority/RegionDiscovery.d.ts +3 -2
- package/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/types/cache/CacheManager.d.ts +0 -7
- package/types/cache/CacheManager.d.ts.map +1 -1
- package/types/cache/entities/AccountEntity.d.ts +4 -0
- package/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
- package/types/cache/utils/CacheHelpers.d.ts +1 -1
- package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/types/cache/utils/CacheTypes.d.ts +2 -1
- package/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/types/client/SilentFlowClient.d.ts.map +1 -1
- package/types/config/ClientConfiguration.d.ts.map +1 -1
- package/types/constants/AADServerParamKeys.d.ts +4 -0
- package/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/types/crypto/ICrypto.d.ts.map +1 -1
- package/types/crypto/JoseHeader.d.ts.map +1 -1
- package/types/error/AuthError.d.ts +2 -3
- package/types/error/AuthError.d.ts.map +1 -1
- package/types/error/ClientAuthError.d.ts +2 -2
- package/types/error/ClientAuthError.d.ts.map +1 -1
- package/types/error/ClientAuthErrorCodes.d.ts +0 -2
- package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/types/error/ClientConfigurationError.d.ts +2 -2
- package/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/types/error/InteractionRequiredAuthError.d.ts +2 -2
- package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/types/error/JoseHeaderError.d.ts +2 -2
- package/types/error/JoseHeaderError.d.ts.map +1 -1
- package/types/error/NetworkError.d.ts.map +1 -1
- package/types/error/PlatformBrokerError.d.ts +1 -1
- package/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/types/error/ServerError.d.ts +1 -1
- package/types/error/ServerError.d.ts.map +1 -1
- package/types/network/INetworkModule.d.ts.map +1 -1
- package/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/packageMetadata.d.ts.map +1 -1
- package/types/protocol/Authorize.d.ts +4 -2
- package/types/protocol/Authorize.d.ts.map +1 -1
- package/types/protocol/Token.d.ts.map +1 -1
- package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/types/request/BaseAuthRequest.d.ts +4 -0
- package/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/types/request/RequestParameterBuilder.d.ts +12 -3
- package/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/types/request/ScopeSet.d.ts +4 -3
- package/types/request/ScopeSet.d.ts.map +1 -1
- package/types/response/ImdsComputeResponse.d.ts +10 -0
- package/types/response/ImdsComputeResponse.d.ts.map +1 -0
- package/types/response/ResponseHandler.d.ts +1 -1
- package/types/response/ResponseHandler.d.ts.map +1 -1
- package/types/url/UrlString.d.ts +5 -4
- package/types/url/UrlString.d.ts.map +1 -1
- package/types/utils/ClientAssertionUtils.d.ts +1 -1
- package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
- package/types/utils/Constants.d.ts +6 -2
- package/types/utils/Constants.d.ts.map +1 -1
- package/types/utils/ProtocolUtils.d.ts +6 -3
- package/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/types/utils/UrlUtils.d.ts.map +1 -1
- package/lib/index-node-CcOYLhxB.js.map +0 -1
|
@@ -402,7 +402,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
402
402
|
if (idToken) {
|
|
403
403
|
idTokenClaims = extractTokenClaims(
|
|
404
404
|
idToken.secret,
|
|
405
|
-
this.cryptoImpl.base64Decode
|
|
405
|
+
this.cryptoImpl.base64Decode,
|
|
406
|
+
correlationId
|
|
406
407
|
);
|
|
407
408
|
|
|
408
409
|
if (
|
|
@@ -525,6 +526,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
525
526
|
return false;
|
|
526
527
|
}
|
|
527
528
|
|
|
529
|
+
if (
|
|
530
|
+
!!tenantProfileFilter.nativeAccountId &&
|
|
531
|
+
tenantProfile.nativeAccountId !==
|
|
532
|
+
tenantProfileFilter.nativeAccountId
|
|
533
|
+
) {
|
|
534
|
+
return false;
|
|
535
|
+
}
|
|
536
|
+
|
|
528
537
|
return true;
|
|
529
538
|
}
|
|
530
539
|
|
|
@@ -601,7 +610,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
601
610
|
): Promise<void> {
|
|
602
611
|
if (!cacheRecord) {
|
|
603
612
|
throw createClientAuthError(
|
|
604
|
-
ClientAuthErrorCodes.invalidCacheRecord
|
|
613
|
+
ClientAuthErrorCodes.invalidCacheRecord,
|
|
614
|
+
correlationId
|
|
605
615
|
);
|
|
606
616
|
}
|
|
607
617
|
|
|
@@ -680,7 +690,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
680
690
|
};
|
|
681
691
|
|
|
682
692
|
const tokenKeys = this.getTokenKeys();
|
|
683
|
-
const currentScopes = ScopeSet.fromString(
|
|
693
|
+
const currentScopes = ScopeSet.fromString(
|
|
694
|
+
credential.target,
|
|
695
|
+
correlationId
|
|
696
|
+
);
|
|
684
697
|
|
|
685
698
|
tokenKeys.accessToken.forEach((key) => {
|
|
686
699
|
if (
|
|
@@ -702,7 +715,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
702
715
|
correlationId
|
|
703
716
|
)
|
|
704
717
|
) {
|
|
705
|
-
const tokenScopeSet = ScopeSet.fromString(
|
|
718
|
+
const tokenScopeSet = ScopeSet.fromString(
|
|
719
|
+
tokenEntity.target,
|
|
720
|
+
correlationId
|
|
721
|
+
);
|
|
706
722
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
707
723
|
this.removeAccessToken(key, correlationId);
|
|
708
724
|
}
|
|
@@ -759,16 +775,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
759
775
|
return;
|
|
760
776
|
}
|
|
761
777
|
|
|
762
|
-
if (
|
|
763
|
-
!!accountFilter.nativeAccountId &&
|
|
764
|
-
!this.matchNativeAccountId(
|
|
765
|
-
entity,
|
|
766
|
-
accountFilter.nativeAccountId
|
|
767
|
-
)
|
|
768
|
-
) {
|
|
769
|
-
return;
|
|
770
|
-
}
|
|
771
|
-
|
|
772
778
|
if (
|
|
773
779
|
!!accountFilter.authorityType &&
|
|
774
780
|
!this.matchAuthorityType(entity, accountFilter.authorityType)
|
|
@@ -783,6 +789,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
783
789
|
username: accountFilter?.username,
|
|
784
790
|
loginHint: accountFilter?.loginHint,
|
|
785
791
|
upn: accountFilter?.upn,
|
|
792
|
+
nativeAccountId: accountFilter?.nativeAccountId,
|
|
786
793
|
};
|
|
787
794
|
|
|
788
795
|
const matchingTenantProfiles = entity.tenantProfiles?.filter(
|
|
@@ -865,7 +872,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
865
872
|
* idTokens do not have "target", target specific refreshTokens do exist for some types of authentication
|
|
866
873
|
* Resource specific refresh tokens case will be added when the support is deemed necessary
|
|
867
874
|
*/
|
|
868
|
-
if (
|
|
875
|
+
if (
|
|
876
|
+
!!filter.target &&
|
|
877
|
+
!this.matchTarget(entity, filter.target, correlationId)
|
|
878
|
+
) {
|
|
869
879
|
return false;
|
|
870
880
|
}
|
|
871
881
|
|
|
@@ -889,6 +899,34 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
889
899
|
}
|
|
890
900
|
}
|
|
891
901
|
|
|
902
|
+
// Additional cache key components matching (bidirectional isolation)
|
|
903
|
+
const entityComponents = entity.additionalCacheKeyComponents;
|
|
904
|
+
const filterComponents = filter.additionalCacheKeyComponents;
|
|
905
|
+
const entityHasComponents =
|
|
906
|
+
!!entityComponents && Object.keys(entityComponents).length > 0;
|
|
907
|
+
const filterHasComponents =
|
|
908
|
+
!!filterComponents && Object.keys(filterComponents).length > 0;
|
|
909
|
+
|
|
910
|
+
if (entityHasComponents !== filterHasComponents) {
|
|
911
|
+
return false;
|
|
912
|
+
}
|
|
913
|
+
if (entityHasComponents && filterHasComponents) {
|
|
914
|
+
const entityKeys = Object.keys(entityComponents).sort();
|
|
915
|
+
const filterKeys = Object.keys(filterComponents).sort();
|
|
916
|
+
if (entityKeys.length !== filterKeys.length) {
|
|
917
|
+
return false;
|
|
918
|
+
}
|
|
919
|
+
for (let i = 0; i < entityKeys.length; i++) {
|
|
920
|
+
if (
|
|
921
|
+
entityKeys[i] !== filterKeys[i] ||
|
|
922
|
+
entityComponents[entityKeys[i]] !==
|
|
923
|
+
filterComponents[filterKeys[i]]
|
|
924
|
+
) {
|
|
925
|
+
return false;
|
|
926
|
+
}
|
|
927
|
+
}
|
|
928
|
+
}
|
|
929
|
+
|
|
892
930
|
return true;
|
|
893
931
|
}
|
|
894
932
|
|
|
@@ -1289,7 +1327,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1289
1327
|
"CacheManager - getAccessToken called",
|
|
1290
1328
|
correlationId
|
|
1291
1329
|
);
|
|
1292
|
-
const scopes = ScopeSet.createSearchScopes(
|
|
1330
|
+
const scopes = ScopeSet.createSearchScopes(
|
|
1331
|
+
request.scopes,
|
|
1332
|
+
correlationId
|
|
1333
|
+
);
|
|
1293
1334
|
const authScheme =
|
|
1294
1335
|
request.authenticationScheme ||
|
|
1295
1336
|
Constants.AuthenticationScheme.BEARER;
|
|
@@ -1599,7 +1640,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1599
1640
|
return null;
|
|
1600
1641
|
} else if (numAppMetadata > 1) {
|
|
1601
1642
|
throw createClientAuthError(
|
|
1602
|
-
ClientAuthErrorCodes.multipleMatchingAppMetadata
|
|
1643
|
+
ClientAuthErrorCodes.multipleMatchingAppMetadata,
|
|
1644
|
+
correlationId
|
|
1603
1645
|
);
|
|
1604
1646
|
}
|
|
1605
1647
|
|
|
@@ -1806,21 +1848,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1806
1848
|
return !!(entity.realm?.toLowerCase() === realm.toLowerCase());
|
|
1807
1849
|
}
|
|
1808
1850
|
|
|
1809
|
-
/**
|
|
1810
|
-
* helper to match nativeAccountId
|
|
1811
|
-
* @param entity
|
|
1812
|
-
* @param nativeAccountId
|
|
1813
|
-
* @returns boolean indicating the match result
|
|
1814
|
-
*/
|
|
1815
|
-
private matchNativeAccountId(
|
|
1816
|
-
entity: AccountEntity,
|
|
1817
|
-
nativeAccountId: string
|
|
1818
|
-
): boolean {
|
|
1819
|
-
return !!(
|
|
1820
|
-
entity.nativeAccountId && nativeAccountId === entity.nativeAccountId
|
|
1821
|
-
);
|
|
1822
|
-
}
|
|
1823
|
-
|
|
1824
1851
|
/**
|
|
1825
1852
|
* helper to match loginHint which can be either:
|
|
1826
1853
|
* 1. login_hint ID token claim
|
|
@@ -1879,7 +1906,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1879
1906
|
* @param entity
|
|
1880
1907
|
* @param target
|
|
1881
1908
|
*/
|
|
1882
|
-
private matchTarget(
|
|
1909
|
+
private matchTarget(
|
|
1910
|
+
entity: CredentialEntity,
|
|
1911
|
+
target: ScopeSet,
|
|
1912
|
+
correlationId: string
|
|
1913
|
+
): boolean {
|
|
1883
1914
|
const isNotAccessTokenCredential =
|
|
1884
1915
|
entity.credentialType !== Constants.CredentialType.ACCESS_TOKEN &&
|
|
1885
1916
|
entity.credentialType !==
|
|
@@ -1889,7 +1920,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1889
1920
|
return false;
|
|
1890
1921
|
}
|
|
1891
1922
|
|
|
1892
|
-
const entityScopeSet: ScopeSet = ScopeSet.fromString(
|
|
1923
|
+
const entityScopeSet: ScopeSet = ScopeSet.fromString(
|
|
1924
|
+
entity.target,
|
|
1925
|
+
correlationId
|
|
1926
|
+
);
|
|
1893
1927
|
|
|
1894
1928
|
return entityScopeSet.containsScopeSet(target);
|
|
1895
1929
|
}
|
|
@@ -1954,72 +1988,141 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1954
1988
|
/** @internal */
|
|
1955
1989
|
export class DefaultStorageClass extends CacheManager {
|
|
1956
1990
|
async setAccount(): Promise<void> {
|
|
1957
|
-
throw createClientAuthError(
|
|
1991
|
+
throw createClientAuthError(
|
|
1992
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
1993
|
+
""
|
|
1994
|
+
);
|
|
1958
1995
|
}
|
|
1959
1996
|
getAccount(): AccountEntity {
|
|
1960
|
-
throw createClientAuthError(
|
|
1997
|
+
throw createClientAuthError(
|
|
1998
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
1999
|
+
""
|
|
2000
|
+
);
|
|
1961
2001
|
}
|
|
1962
2002
|
async setIdTokenCredential(): Promise<void> {
|
|
1963
|
-
throw createClientAuthError(
|
|
2003
|
+
throw createClientAuthError(
|
|
2004
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2005
|
+
""
|
|
2006
|
+
);
|
|
1964
2007
|
}
|
|
1965
2008
|
getIdTokenCredential(): IdTokenEntity {
|
|
1966
|
-
throw createClientAuthError(
|
|
2009
|
+
throw createClientAuthError(
|
|
2010
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2011
|
+
""
|
|
2012
|
+
);
|
|
1967
2013
|
}
|
|
1968
2014
|
async setAccessTokenCredential(): Promise<void> {
|
|
1969
|
-
throw createClientAuthError(
|
|
2015
|
+
throw createClientAuthError(
|
|
2016
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2017
|
+
""
|
|
2018
|
+
);
|
|
1970
2019
|
}
|
|
1971
2020
|
getAccessTokenCredential(): AccessTokenEntity {
|
|
1972
|
-
throw createClientAuthError(
|
|
2021
|
+
throw createClientAuthError(
|
|
2022
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2023
|
+
""
|
|
2024
|
+
);
|
|
1973
2025
|
}
|
|
1974
2026
|
async setRefreshTokenCredential(): Promise<void> {
|
|
1975
|
-
throw createClientAuthError(
|
|
2027
|
+
throw createClientAuthError(
|
|
2028
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2029
|
+
""
|
|
2030
|
+
);
|
|
1976
2031
|
}
|
|
1977
2032
|
getRefreshTokenCredential(): RefreshTokenEntity {
|
|
1978
|
-
throw createClientAuthError(
|
|
2033
|
+
throw createClientAuthError(
|
|
2034
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2035
|
+
""
|
|
2036
|
+
);
|
|
1979
2037
|
}
|
|
1980
2038
|
setAppMetadata(): void {
|
|
1981
|
-
throw createClientAuthError(
|
|
2039
|
+
throw createClientAuthError(
|
|
2040
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2041
|
+
""
|
|
2042
|
+
);
|
|
1982
2043
|
}
|
|
1983
2044
|
getAppMetadata(): AppMetadataEntity {
|
|
1984
|
-
throw createClientAuthError(
|
|
2045
|
+
throw createClientAuthError(
|
|
2046
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2047
|
+
""
|
|
2048
|
+
);
|
|
1985
2049
|
}
|
|
1986
2050
|
setServerTelemetry(): void {
|
|
1987
|
-
throw createClientAuthError(
|
|
2051
|
+
throw createClientAuthError(
|
|
2052
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2053
|
+
""
|
|
2054
|
+
);
|
|
1988
2055
|
}
|
|
1989
2056
|
getServerTelemetry(): ServerTelemetryEntity {
|
|
1990
|
-
throw createClientAuthError(
|
|
2057
|
+
throw createClientAuthError(
|
|
2058
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2059
|
+
""
|
|
2060
|
+
);
|
|
1991
2061
|
}
|
|
1992
2062
|
setAuthorityMetadata(): void {
|
|
1993
|
-
throw createClientAuthError(
|
|
2063
|
+
throw createClientAuthError(
|
|
2064
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2065
|
+
""
|
|
2066
|
+
);
|
|
1994
2067
|
}
|
|
1995
2068
|
getAuthorityMetadata(): AuthorityMetadataEntity | null {
|
|
1996
|
-
throw createClientAuthError(
|
|
2069
|
+
throw createClientAuthError(
|
|
2070
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2071
|
+
""
|
|
2072
|
+
);
|
|
1997
2073
|
}
|
|
1998
2074
|
getAuthorityMetadataKeys(): Array<string> {
|
|
1999
|
-
throw createClientAuthError(
|
|
2075
|
+
throw createClientAuthError(
|
|
2076
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2077
|
+
""
|
|
2078
|
+
);
|
|
2000
2079
|
}
|
|
2001
2080
|
setThrottlingCache(): void {
|
|
2002
|
-
throw createClientAuthError(
|
|
2081
|
+
throw createClientAuthError(
|
|
2082
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2083
|
+
""
|
|
2084
|
+
);
|
|
2003
2085
|
}
|
|
2004
2086
|
getThrottlingCache(): ThrottlingEntity {
|
|
2005
|
-
throw createClientAuthError(
|
|
2087
|
+
throw createClientAuthError(
|
|
2088
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2089
|
+
""
|
|
2090
|
+
);
|
|
2006
2091
|
}
|
|
2007
2092
|
removeItem(): boolean {
|
|
2008
|
-
throw createClientAuthError(
|
|
2093
|
+
throw createClientAuthError(
|
|
2094
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2095
|
+
""
|
|
2096
|
+
);
|
|
2009
2097
|
}
|
|
2010
2098
|
getKeys(): string[] {
|
|
2011
|
-
throw createClientAuthError(
|
|
2099
|
+
throw createClientAuthError(
|
|
2100
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2101
|
+
""
|
|
2102
|
+
);
|
|
2012
2103
|
}
|
|
2013
2104
|
getAccountKeys(): string[] {
|
|
2014
|
-
throw createClientAuthError(
|
|
2105
|
+
throw createClientAuthError(
|
|
2106
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2107
|
+
""
|
|
2108
|
+
);
|
|
2015
2109
|
}
|
|
2016
2110
|
getTokenKeys(): TokenKeys {
|
|
2017
|
-
throw createClientAuthError(
|
|
2111
|
+
throw createClientAuthError(
|
|
2112
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2113
|
+
""
|
|
2114
|
+
);
|
|
2018
2115
|
}
|
|
2019
2116
|
generateCredentialKey(): string {
|
|
2020
|
-
throw createClientAuthError(
|
|
2117
|
+
throw createClientAuthError(
|
|
2118
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2119
|
+
""
|
|
2120
|
+
);
|
|
2021
2121
|
}
|
|
2022
2122
|
generateAccountKey(): string {
|
|
2023
|
-
throw createClientAuthError(
|
|
2123
|
+
throw createClientAuthError(
|
|
2124
|
+
ClientAuthErrorCodes.methodNotImplemented,
|
|
2125
|
+
""
|
|
2126
|
+
);
|
|
2024
2127
|
}
|
|
2025
2128
|
}
|
|
@@ -42,6 +42,10 @@ export type AccountEntity = {
|
|
|
42
42
|
lastModificationApp?: string;
|
|
43
43
|
cloudGraphHostName?: string;
|
|
44
44
|
msGraphHost?: string;
|
|
45
|
+
/**
|
|
46
|
+
* @deprecated Use tenantProfiles[].nativeAccountId instead. Kept for cache downgrade compatibility.
|
|
47
|
+
* Will be removed at the next ACCOUNT_SCHEMA_VERSION bump.
|
|
48
|
+
*/
|
|
45
49
|
nativeAccountId?: string;
|
|
46
50
|
tenantProfiles?: Array<TenantProfile>;
|
|
47
51
|
/** Timestamp when the entry was last updated */
|
|
@@ -31,6 +31,8 @@ export type CredentialEntity = {
|
|
|
31
31
|
tokenType?: AuthenticationScheme;
|
|
32
32
|
/** KeyId for PoP and SSH tokens stored in the kid claim */
|
|
33
33
|
keyId?: string;
|
|
34
|
+
/** Additional cache key components for cache isolation (e.g., { fmi_path: "..." }). Stored as raw key-value pairs; a combined hash is computed at key-generation time. */
|
|
35
|
+
additionalCacheKeyComponents?: Record<string, string>;
|
|
34
36
|
/** Timestamp when the entry was last updated */
|
|
35
37
|
lastUpdatedAt: string;
|
|
36
38
|
};
|
|
@@ -54,10 +54,18 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
|
54
54
|
buildTenantProfile(
|
|
55
55
|
accountEntity.homeAccountId,
|
|
56
56
|
accountEntity.localAccountId,
|
|
57
|
-
accountEntity.realm
|
|
57
|
+
accountEntity.realm,
|
|
58
|
+
accountEntity.nativeAccountId
|
|
58
59
|
)
|
|
59
60
|
);
|
|
60
61
|
}
|
|
62
|
+
// Resolve nativeAccountId from the home tenant profile first, fall back to top-level (deprecated) for old cache entries
|
|
63
|
+
const homeTenantProfile = tenantProfiles.find(
|
|
64
|
+
(tp) => tp.tenantId === accountEntity.realm
|
|
65
|
+
);
|
|
66
|
+
const nativeAccountId =
|
|
67
|
+
homeTenantProfile?.nativeAccountId || accountEntity.nativeAccountId;
|
|
68
|
+
|
|
61
69
|
return {
|
|
62
70
|
homeAccountId: accountEntity.homeAccountId,
|
|
63
71
|
environment: accountEntity.environment,
|
|
@@ -66,7 +74,7 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
|
66
74
|
localAccountId: accountEntity.localAccountId,
|
|
67
75
|
loginHint: accountEntity.loginHint,
|
|
68
76
|
name: accountEntity.name,
|
|
69
|
-
nativeAccountId:
|
|
77
|
+
nativeAccountId: nativeAccountId,
|
|
70
78
|
authorityType: accountEntity.authorityType,
|
|
71
79
|
// Deserialize tenant profiles array into a Map
|
|
72
80
|
tenantProfiles: new Map(
|
|
@@ -103,6 +111,7 @@ export function createAccountEntity(
|
|
|
103
111
|
tenantProfiles?: Array<TenantProfile>;
|
|
104
112
|
},
|
|
105
113
|
authority: Authority,
|
|
114
|
+
correlationId: string,
|
|
106
115
|
base64Decode?: (input: string) => string
|
|
107
116
|
): AccountEntity {
|
|
108
117
|
let authorityType;
|
|
@@ -130,7 +139,8 @@ export function createAccountEntity(
|
|
|
130
139
|
|
|
131
140
|
if (!env) {
|
|
132
141
|
throw createClientAuthError(
|
|
133
|
-
ClientAuthErrorCodes.invalidCacheEnvironment
|
|
142
|
+
ClientAuthErrorCodes.invalidCacheEnvironment,
|
|
143
|
+
correlationId
|
|
134
144
|
);
|
|
135
145
|
}
|
|
136
146
|
|
|
@@ -168,6 +178,7 @@ export function createAccountEntity(
|
|
|
168
178
|
accountDetails.homeAccountId,
|
|
169
179
|
localAccountId,
|
|
170
180
|
realm,
|
|
181
|
+
accountDetails.nativeAccountId,
|
|
171
182
|
accountDetails.idTokenClaims
|
|
172
183
|
);
|
|
173
184
|
tenantProfiles = [tenantProfile];
|
|
@@ -221,9 +232,18 @@ export function createAccountEntityFromAccountInfo(
|
|
|
221
232
|
accountInfo.homeAccountId,
|
|
222
233
|
accountInfo.localAccountId,
|
|
223
234
|
accountInfo.tenantId,
|
|
235
|
+
accountInfo.nativeAccountId,
|
|
224
236
|
accountInfo.idTokenClaims
|
|
225
237
|
)
|
|
226
238
|
);
|
|
239
|
+
} else if (accountInfo.nativeAccountId) {
|
|
240
|
+
// Ensure nativeAccountId is set on the matching tenant profile
|
|
241
|
+
const matchingProfile = tenantProfiles.find(
|
|
242
|
+
(tp) => tp.tenantId === accountInfo.tenantId
|
|
243
|
+
);
|
|
244
|
+
if (matchingProfile && !matchingProfile.nativeAccountId) {
|
|
245
|
+
matchingProfile.nativeAccountId = accountInfo.nativeAccountId;
|
|
246
|
+
}
|
|
227
247
|
}
|
|
228
248
|
return {
|
|
229
249
|
authorityType:
|
|
@@ -68,10 +68,12 @@ export function createAccessTokenEntity(
|
|
|
68
68
|
expiresOn: number,
|
|
69
69
|
extExpiresOn: number,
|
|
70
70
|
base64Decode: (input: string) => string,
|
|
71
|
+
correlationId: string,
|
|
71
72
|
refreshOn?: number,
|
|
72
73
|
tokenType?: Constants.AuthenticationScheme,
|
|
73
74
|
userAssertionHash?: string,
|
|
74
|
-
keyId?: string
|
|
75
|
+
keyId?: string,
|
|
76
|
+
additionalCacheKeyComponents?: Record<string, string>
|
|
75
77
|
): AccessTokenEntity {
|
|
76
78
|
const atEntity: AccessTokenEntity = {
|
|
77
79
|
homeAccountId: homeAccountId,
|
|
@@ -111,11 +113,13 @@ export function createAccessTokenEntity(
|
|
|
111
113
|
// Make sure keyId is present and add it to credential
|
|
112
114
|
const tokenClaims: TokenClaims | null = extractTokenClaims(
|
|
113
115
|
accessToken,
|
|
114
|
-
base64Decode
|
|
116
|
+
base64Decode,
|
|
117
|
+
correlationId
|
|
115
118
|
);
|
|
116
119
|
if (!tokenClaims?.cnf?.kid) {
|
|
117
120
|
throw createClientAuthError(
|
|
118
|
-
ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt
|
|
121
|
+
ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt,
|
|
122
|
+
correlationId
|
|
119
123
|
);
|
|
120
124
|
}
|
|
121
125
|
atEntity.keyId = tokenClaims.cnf.kid;
|
|
@@ -125,6 +129,14 @@ export function createAccessTokenEntity(
|
|
|
125
129
|
}
|
|
126
130
|
}
|
|
127
131
|
|
|
132
|
+
/* Additional cache key components for cache isolation (e.g., FMI path) */
|
|
133
|
+
if (
|
|
134
|
+
additionalCacheKeyComponents &&
|
|
135
|
+
Object.keys(additionalCacheKeyComponents).length > 0
|
|
136
|
+
) {
|
|
137
|
+
atEntity.additionalCacheKeyComponents = additionalCacheKeyComponents;
|
|
138
|
+
}
|
|
139
|
+
|
|
128
140
|
return atEntity;
|
|
129
141
|
}
|
|
130
142
|
|
|
@@ -72,6 +72,7 @@ export type TenantProfileFilter = Pick<
|
|
|
72
72
|
| "isHomeTenant"
|
|
73
73
|
| "username"
|
|
74
74
|
| "upn"
|
|
75
|
+
| "nativeAccountId"
|
|
75
76
|
>;
|
|
76
77
|
|
|
77
78
|
/**
|
|
@@ -88,6 +89,7 @@ export type CredentialFilter = {
|
|
|
88
89
|
userAssertionHash?: string;
|
|
89
90
|
tokenType?: AuthenticationScheme;
|
|
90
91
|
keyId?: string;
|
|
92
|
+
additionalCacheKeyComponents?: Record<string, string>;
|
|
91
93
|
};
|
|
92
94
|
|
|
93
95
|
/**
|
|
@@ -132,7 +132,8 @@ export class AuthorizationCodeClient {
|
|
|
132
132
|
): Promise<AuthenticationResult> {
|
|
133
133
|
if (!request.code) {
|
|
134
134
|
throw createClientAuthError(
|
|
135
|
-
ClientAuthErrorCodes.requestCannotBeMade
|
|
135
|
+
ClientAuthErrorCodes.requestCannotBeMade,
|
|
136
|
+
request.correlationId
|
|
136
137
|
);
|
|
137
138
|
}
|
|
138
139
|
|
|
@@ -205,7 +206,8 @@ export class AuthorizationCodeClient {
|
|
|
205
206
|
// Throw error if logoutRequest is null/undefined
|
|
206
207
|
if (!logoutRequest) {
|
|
207
208
|
throw createClientConfigurationError(
|
|
208
|
-
ClientConfigurationErrorCodes.logoutRequestEmpty
|
|
209
|
+
ClientConfigurationErrorCodes.logoutRequestEmpty,
|
|
210
|
+
""
|
|
209
211
|
);
|
|
210
212
|
}
|
|
211
213
|
const queryString = this.createLogoutUrlQueryString(logoutRequest);
|
|
@@ -319,7 +321,8 @@ export class AuthorizationCodeClient {
|
|
|
319
321
|
// Just validate
|
|
320
322
|
if (!request.redirectUri) {
|
|
321
323
|
throw createClientConfigurationError(
|
|
322
|
-
ClientConfigurationErrorCodes.redirectUriEmpty
|
|
324
|
+
ClientConfigurationErrorCodes.redirectUriEmpty,
|
|
325
|
+
request.correlationId
|
|
323
326
|
);
|
|
324
327
|
}
|
|
325
328
|
} else {
|
|
@@ -334,6 +337,7 @@ export class AuthorizationCodeClient {
|
|
|
334
337
|
RequestParameterBuilder.addScopes(
|
|
335
338
|
parameters,
|
|
336
339
|
request.scopes,
|
|
340
|
+
request.correlationId,
|
|
337
341
|
true,
|
|
338
342
|
this.oidcDefaultScopes
|
|
339
343
|
);
|
|
@@ -431,7 +435,8 @@ export class AuthorizationCodeClient {
|
|
|
431
435
|
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
432
436
|
} else {
|
|
433
437
|
throw createClientConfigurationError(
|
|
434
|
-
ClientConfigurationErrorCodes.missingSshJwk
|
|
438
|
+
ClientConfigurationErrorCodes.missingSshJwk,
|
|
439
|
+
request.correlationId
|
|
435
440
|
);
|
|
436
441
|
}
|
|
437
442
|
}
|
|
@@ -519,6 +524,7 @@ export class AuthorizationCodeClient {
|
|
|
519
524
|
|
|
520
525
|
RequestParameterBuilder.addClaims(
|
|
521
526
|
parameters,
|
|
527
|
+
request.correlationId,
|
|
522
528
|
request.claims,
|
|
523
529
|
this.config.authOptions.clientCapabilities,
|
|
524
530
|
request.skipBrokerClaims
|
|
@@ -177,13 +177,15 @@ export class RefreshTokenClient {
|
|
|
177
177
|
// Cannot renew token if no request object is given.
|
|
178
178
|
if (!request) {
|
|
179
179
|
throw createClientConfigurationError(
|
|
180
|
-
ClientConfigurationErrorCodes.tokenRequestEmpty
|
|
180
|
+
ClientConfigurationErrorCodes.tokenRequestEmpty,
|
|
181
|
+
""
|
|
181
182
|
);
|
|
182
183
|
}
|
|
183
184
|
// We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
|
|
184
185
|
if (!request.account) {
|
|
185
186
|
throw createClientAuthError(
|
|
186
|
-
ClientAuthErrorCodes.noAccountInSilentRequest
|
|
187
|
+
ClientAuthErrorCodes.noAccountInSilentRequest,
|
|
188
|
+
request.correlationId
|
|
187
189
|
);
|
|
188
190
|
}
|
|
189
191
|
|
|
@@ -258,7 +260,8 @@ export class RefreshTokenClient {
|
|
|
258
260
|
|
|
259
261
|
if (!refreshToken) {
|
|
260
262
|
throw createInteractionRequiredAuthError(
|
|
261
|
-
InteractionRequiredAuthErrorCodes.noTokensFound
|
|
263
|
+
InteractionRequiredAuthErrorCodes.noTokensFound,
|
|
264
|
+
request.correlationId
|
|
262
265
|
);
|
|
263
266
|
}
|
|
264
267
|
|
|
@@ -276,7 +279,8 @@ export class RefreshTokenClient {
|
|
|
276
279
|
|
|
277
280
|
if (TimeUtils.isTokenExpired(refreshToken.expiresOn, offset)) {
|
|
278
281
|
throw createInteractionRequiredAuthError(
|
|
279
|
-
InteractionRequiredAuthErrorCodes.refreshTokenExpired
|
|
282
|
+
InteractionRequiredAuthErrorCodes.refreshTokenExpired,
|
|
283
|
+
request.correlationId
|
|
280
284
|
);
|
|
281
285
|
}
|
|
282
286
|
}
|
|
@@ -407,6 +411,7 @@ export class RefreshTokenClient {
|
|
|
407
411
|
RequestParameterBuilder.addScopes(
|
|
408
412
|
parameters,
|
|
409
413
|
request.scopes,
|
|
414
|
+
request.correlationId,
|
|
410
415
|
true,
|
|
411
416
|
this.config.authOptions.authority.options.OIDCOptions?.defaultScopes
|
|
412
417
|
);
|
|
@@ -497,7 +502,8 @@ export class RefreshTokenClient {
|
|
|
497
502
|
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
498
503
|
} else {
|
|
499
504
|
throw createClientConfigurationError(
|
|
500
|
-
ClientConfigurationErrorCodes.missingSshJwk
|
|
505
|
+
ClientConfigurationErrorCodes.missingSshJwk,
|
|
506
|
+
request.correlationId
|
|
501
507
|
);
|
|
502
508
|
}
|
|
503
509
|
}
|
|
@@ -554,6 +560,7 @@ export class RefreshTokenClient {
|
|
|
554
560
|
|
|
555
561
|
RequestParameterBuilder.addClaims(
|
|
556
562
|
parameters,
|
|
563
|
+
request.correlationId,
|
|
557
564
|
request.claims,
|
|
558
565
|
this.config.authOptions.clientCapabilities,
|
|
559
566
|
request.skipBrokerClaims
|