@azure/msal-common 16.9.0 → 16.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (383) hide show
  1. package/dist/account/AccountInfo.mjs +9 -3
  2. package/dist/account/AccountInfo.mjs.map +1 -1
  3. package/dist/account/AuthToken.mjs +9 -23
  4. package/dist/account/AuthToken.mjs.map +1 -1
  5. package/dist/account/CcsCredential.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs.map +1 -1
  7. package/dist/account/ClientInfo.mjs +4 -4
  8. package/dist/account/ClientInfo.mjs.map +1 -1
  9. package/dist/account/TokenClaims.mjs +1 -1
  10. package/dist/account/TokenClaims.mjs.map +1 -1
  11. package/dist/authority/Authority.mjs +36 -37
  12. package/dist/authority/Authority.mjs.map +1 -1
  13. package/dist/authority/AuthorityFactory.mjs +3 -3
  14. package/dist/authority/AuthorityFactory.mjs.map +1 -1
  15. package/dist/authority/AuthorityMetadata.mjs +2 -2
  16. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  17. package/dist/authority/AuthorityOptions.mjs +1 -1
  18. package/dist/authority/AuthorityOptions.mjs.map +1 -1
  19. package/dist/authority/AuthorityType.mjs +1 -1
  20. package/dist/authority/AuthorityType.mjs.map +1 -1
  21. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  22. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  23. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  24. package/dist/authority/ProtocolMode.mjs +1 -1
  25. package/dist/authority/ProtocolMode.mjs.map +1 -1
  26. package/dist/authority/RegionDiscovery.mjs +16 -10
  27. package/dist/authority/RegionDiscovery.mjs.map +1 -1
  28. package/dist/cache/CacheManager.mjs +62 -46
  29. package/dist/cache/CacheManager.mjs.map +1 -1
  30. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  31. package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
  32. package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
  33. package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
  34. package/dist/cache/utils/CacheHelpers.mjs +10 -5
  35. package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
  36. package/dist/client/AuthorizationCodeClient.mjs +7 -7
  37. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  38. package/dist/client/RefreshTokenClient.mjs +8 -8
  39. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  40. package/dist/client/SilentFlowClient.mjs +10 -18
  41. package/dist/client/SilentFlowClient.mjs.map +1 -1
  42. package/dist/config/ClientConfiguration.mjs +3 -3
  43. package/dist/config/ClientConfiguration.mjs.map +1 -1
  44. package/dist/constants/AADServerParamKeys.mjs +7 -3
  45. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  46. package/dist/crypto/ICrypto.mjs +11 -11
  47. package/dist/crypto/ICrypto.mjs.map +1 -1
  48. package/dist/crypto/JoseHeader.mjs +3 -3
  49. package/dist/crypto/JoseHeader.mjs.map +1 -1
  50. package/dist/crypto/PopTokenGenerator.mjs +2 -2
  51. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  52. package/dist/error/AuthError.mjs +5 -7
  53. package/dist/error/AuthError.mjs.map +1 -1
  54. package/dist/error/AuthErrorCodes.mjs +1 -1
  55. package/dist/error/CacheError.mjs +1 -1
  56. package/dist/error/CacheError.mjs.map +1 -1
  57. package/dist/error/CacheErrorCodes.mjs +1 -1
  58. package/dist/error/ClientAuthError.mjs +5 -5
  59. package/dist/error/ClientAuthError.mjs.map +1 -1
  60. package/dist/error/ClientAuthErrorCodes.mjs +2 -4
  61. package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  62. package/dist/error/ClientConfigurationError.mjs +5 -5
  63. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  64. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  65. package/dist/error/InteractionRequiredAuthError.mjs +5 -6
  66. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  67. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  68. package/dist/error/JoseHeaderError.mjs +5 -5
  69. package/dist/error/JoseHeaderError.mjs.map +1 -1
  70. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  71. package/dist/error/NetworkError.mjs +2 -2
  72. package/dist/error/NetworkError.mjs.map +1 -1
  73. package/dist/error/PlatformBrokerError.mjs +3 -3
  74. package/dist/error/PlatformBrokerError.mjs.map +1 -1
  75. package/dist/error/ServerError.mjs +3 -3
  76. package/dist/error/ServerError.mjs.map +1 -1
  77. package/dist/index-node.mjs +53 -53
  78. package/dist/index.mjs +59 -59
  79. package/dist/logger/Logger.mjs +1 -1
  80. package/dist/logger/Logger.mjs.map +1 -1
  81. package/dist/network/INetworkModule.mjs +4 -3
  82. package/dist/network/INetworkModule.mjs.map +1 -1
  83. package/dist/network/RequestThumbprint.mjs +1 -1
  84. package/dist/network/ThrottlingUtils.mjs +2 -2
  85. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  86. package/dist/packageMetadata.mjs +2 -2
  87. package/dist/protocol/Authorize.mjs +16 -14
  88. package/dist/protocol/Authorize.mjs.map +1 -1
  89. package/dist/protocol/Token.mjs +2 -2
  90. package/dist/protocol/Token.mjs.map +1 -1
  91. package/dist/request/AuthenticationHeaderParser.mjs +4 -4
  92. package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
  93. package/dist/request/BaseAuthRequest.mjs +3 -3
  94. package/dist/request/BaseAuthRequest.mjs.map +1 -1
  95. package/dist/request/RequestParameterBuilder.mjs +51 -33
  96. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  97. package/dist/request/ScopeSet.mjs +13 -12
  98. package/dist/request/ScopeSet.mjs.map +1 -1
  99. package/dist/response/ResponseHandler.mjs +29 -27
  100. package/dist/response/ResponseHandler.mjs.map +1 -1
  101. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  102. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  103. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  104. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  105. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  106. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  107. package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  108. package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
  109. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  110. package/dist/url/UrlString.mjs +15 -14
  111. package/dist/url/UrlString.mjs.map +1 -1
  112. package/dist/utils/ClientAssertionUtils.mjs +3 -2
  113. package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
  114. package/dist/utils/Constants.mjs +7 -3
  115. package/dist/utils/Constants.mjs.map +1 -1
  116. package/dist/utils/FunctionWrappers.mjs +1 -1
  117. package/dist/utils/FunctionWrappers.mjs.map +1 -1
  118. package/dist/utils/ProtocolUtils.mjs +12 -9
  119. package/dist/utils/ProtocolUtils.mjs.map +1 -1
  120. package/dist/utils/StringUtils.mjs +1 -1
  121. package/dist/utils/StringUtils.mjs.map +1 -1
  122. package/dist/utils/TimeUtils.mjs +1 -1
  123. package/dist/utils/TimeUtils.mjs.map +1 -1
  124. package/dist/utils/UrlUtils.mjs +4 -4
  125. package/dist/utils/UrlUtils.mjs.map +1 -1
  126. package/dist-browser/account/AccountInfo.mjs +9 -3
  127. package/dist-browser/account/AccountInfo.mjs.map +1 -1
  128. package/dist-browser/account/AuthToken.mjs +9 -23
  129. package/dist-browser/account/AuthToken.mjs.map +1 -1
  130. package/dist-browser/account/CcsCredential.mjs +1 -1
  131. package/dist-browser/account/CcsCredential.mjs.map +1 -1
  132. package/dist-browser/account/ClientInfo.mjs +4 -4
  133. package/dist-browser/account/ClientInfo.mjs.map +1 -1
  134. package/dist-browser/account/TokenClaims.mjs +1 -1
  135. package/dist-browser/account/TokenClaims.mjs.map +1 -1
  136. package/dist-browser/authority/Authority.mjs +36 -37
  137. package/dist-browser/authority/Authority.mjs.map +1 -1
  138. package/dist-browser/authority/AuthorityFactory.mjs +3 -3
  139. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
  140. package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
  141. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
  142. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  143. package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
  144. package/dist-browser/authority/AuthorityType.mjs +1 -1
  145. package/dist-browser/authority/AuthorityType.mjs.map +1 -1
  146. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  147. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  148. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  149. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  150. package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
  151. package/dist-browser/authority/RegionDiscovery.mjs +16 -10
  152. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
  153. package/dist-browser/cache/CacheManager.mjs +62 -46
  154. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  155. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  156. package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
  157. package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
  158. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
  159. package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
  160. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
  161. package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
  162. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
  163. package/dist-browser/client/RefreshTokenClient.mjs +8 -8
  164. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
  165. package/dist-browser/client/SilentFlowClient.mjs +10 -18
  166. package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
  167. package/dist-browser/config/ClientConfiguration.mjs +3 -3
  168. package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
  169. package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
  170. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
  171. package/dist-browser/crypto/ICrypto.mjs +11 -11
  172. package/dist-browser/crypto/ICrypto.mjs.map +1 -1
  173. package/dist-browser/crypto/JoseHeader.mjs +3 -3
  174. package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
  175. package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
  176. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
  177. package/dist-browser/error/AuthError.mjs +5 -7
  178. package/dist-browser/error/AuthError.mjs.map +1 -1
  179. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  180. package/dist-browser/error/CacheError.mjs +1 -1
  181. package/dist-browser/error/CacheError.mjs.map +1 -1
  182. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  183. package/dist-browser/error/ClientAuthError.mjs +5 -5
  184. package/dist-browser/error/ClientAuthError.mjs.map +1 -1
  185. package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
  186. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
  187. package/dist-browser/error/ClientConfigurationError.mjs +5 -5
  188. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
  189. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  190. package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
  191. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
  192. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  193. package/dist-browser/error/JoseHeaderError.mjs +5 -5
  194. package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
  195. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  196. package/dist-browser/error/NetworkError.mjs +2 -2
  197. package/dist-browser/error/NetworkError.mjs.map +1 -1
  198. package/dist-browser/error/PlatformBrokerError.mjs +3 -3
  199. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
  200. package/dist-browser/error/ServerError.mjs +3 -3
  201. package/dist-browser/error/ServerError.mjs.map +1 -1
  202. package/dist-browser/index-browser.mjs +55 -55
  203. package/dist-browser/index.mjs +59 -59
  204. package/dist-browser/log-strings-mapping.json +2 -2
  205. package/dist-browser/logger/Logger.mjs +1 -1
  206. package/dist-browser/logger/Logger.mjs.map +1 -1
  207. package/dist-browser/network/INetworkModule.mjs +4 -3
  208. package/dist-browser/network/INetworkModule.mjs.map +1 -1
  209. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  210. package/dist-browser/network/ThrottlingUtils.mjs +2 -2
  211. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
  212. package/dist-browser/packageMetadata.mjs +2 -2
  213. package/dist-browser/protocol/Authorize.mjs +16 -14
  214. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  215. package/dist-browser/protocol/Token.mjs +2 -2
  216. package/dist-browser/protocol/Token.mjs.map +1 -1
  217. package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
  218. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
  219. package/dist-browser/request/BaseAuthRequest.mjs +3 -3
  220. package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
  221. package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
  222. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  223. package/dist-browser/request/ScopeSet.mjs +13 -12
  224. package/dist-browser/request/ScopeSet.mjs.map +1 -1
  225. package/dist-browser/response/ResponseHandler.mjs +29 -27
  226. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  227. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  228. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
  229. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  230. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  231. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  232. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  233. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  234. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
  235. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  236. package/dist-browser/url/UrlString.mjs +15 -14
  237. package/dist-browser/url/UrlString.mjs.map +1 -1
  238. package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
  239. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
  240. package/dist-browser/utils/Constants.mjs +7 -3
  241. package/dist-browser/utils/Constants.mjs.map +1 -1
  242. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  243. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
  244. package/dist-browser/utils/ProtocolUtils.mjs +12 -9
  245. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
  246. package/dist-browser/utils/StringUtils.mjs +1 -1
  247. package/dist-browser/utils/StringUtils.mjs.map +1 -1
  248. package/dist-browser/utils/TimeUtils.mjs +1 -1
  249. package/dist-browser/utils/TimeUtils.mjs.map +1 -1
  250. package/dist-browser/utils/UrlUtils.mjs +4 -4
  251. package/dist-browser/utils/UrlUtils.mjs.map +1 -1
  252. package/lib/index-browser.cjs +8 -8
  253. package/lib/index-browser.cjs.map +1 -1
  254. package/lib/{index-node-CcOYLhxB.js → index-node-BSFEsmmC.js} +364 -312
  255. package/lib/index-node-BSFEsmmC.js.map +1 -0
  256. package/lib/index-node.cjs +2 -2
  257. package/lib/index.cjs +2 -2
  258. package/package.json +1 -1
  259. package/src/account/AccountInfo.ts +19 -1
  260. package/src/account/AuthToken.ts +19 -21
  261. package/src/account/ClientCredentials.ts +1 -0
  262. package/src/account/ClientInfo.ts +8 -3
  263. package/src/authority/Authority.ts +72 -37
  264. package/src/authority/AuthorityFactory.ts +4 -2
  265. package/src/authority/AuthorityMetadata.ts +2 -1
  266. package/src/authority/RegionDiscovery.ts +18 -11
  267. package/src/cache/CacheManager.ts +160 -57
  268. package/src/cache/entities/AccountEntity.ts +4 -0
  269. package/src/cache/entities/CredentialEntity.ts +2 -0
  270. package/src/cache/utils/AccountEntityUtils.ts +23 -3
  271. package/src/cache/utils/CacheHelpers.ts +15 -3
  272. package/src/cache/utils/CacheTypes.ts +2 -0
  273. package/src/client/AuthorizationCodeClient.ts +10 -4
  274. package/src/client/RefreshTokenClient.ts +12 -5
  275. package/src/client/SilentFlowClient.ts +17 -20
  276. package/src/config/ClientConfiguration.ts +8 -2
  277. package/src/constants/AADServerParamKeys.ts +5 -0
  278. package/src/crypto/ICrypto.ts +40 -10
  279. package/src/crypto/JoseHeader.ts +8 -2
  280. package/src/crypto/PopTokenGenerator.ts +1 -1
  281. package/src/error/AuthError.ts +9 -5
  282. package/src/error/ClientAuthError.ts +8 -3
  283. package/src/error/ClientAuthErrorCodes.ts +0 -2
  284. package/src/error/ClientConfigurationError.ts +5 -4
  285. package/src/error/InteractionRequiredAuthError.ts +9 -5
  286. package/src/error/JoseHeaderError.ts +11 -4
  287. package/src/error/NetworkError.ts +6 -1
  288. package/src/error/PlatformBrokerError.ts +2 -1
  289. package/src/error/ServerError.ts +3 -2
  290. package/src/network/INetworkModule.ts +3 -2
  291. package/src/network/ThrottlingUtils.ts +1 -0
  292. package/src/packageMetadata.ts +1 -1
  293. package/src/protocol/Authorize.ts +21 -6
  294. package/src/protocol/Token.ts +4 -1
  295. package/src/request/AuthenticationHeaderParser.ts +6 -3
  296. package/src/request/BaseAuthRequest.ts +8 -2
  297. package/src/request/RequestParameterBuilder.ts +66 -43
  298. package/src/request/ScopeSet.ts +27 -11
  299. package/src/response/ImdsComputeResponse.ts +14 -0
  300. package/src/response/ResponseHandler.ts +45 -32
  301. package/src/url/UrlString.ts +32 -13
  302. package/src/utils/ClientAssertionUtils.ts +3 -1
  303. package/src/utils/Constants.ts +6 -3
  304. package/src/utils/ProtocolUtils.ts +26 -8
  305. package/src/utils/UrlUtils.ts +8 -3
  306. package/types/account/AccountInfo.d.ts +8 -2
  307. package/types/account/AccountInfo.d.ts.map +1 -1
  308. package/types/account/AuthToken.d.ts +2 -6
  309. package/types/account/AuthToken.d.ts.map +1 -1
  310. package/types/account/ClientCredentials.d.ts +1 -0
  311. package/types/account/ClientCredentials.d.ts.map +1 -1
  312. package/types/account/ClientInfo.d.ts.map +1 -1
  313. package/types/authority/Authority.d.ts +4 -4
  314. package/types/authority/Authority.d.ts.map +1 -1
  315. package/types/authority/AuthorityFactory.d.ts.map +1 -1
  316. package/types/authority/AuthorityMetadata.d.ts.map +1 -1
  317. package/types/authority/RegionDiscovery.d.ts +3 -2
  318. package/types/authority/RegionDiscovery.d.ts.map +1 -1
  319. package/types/cache/CacheManager.d.ts +0 -7
  320. package/types/cache/CacheManager.d.ts.map +1 -1
  321. package/types/cache/entities/AccountEntity.d.ts +4 -0
  322. package/types/cache/entities/AccountEntity.d.ts.map +1 -1
  323. package/types/cache/entities/CredentialEntity.d.ts +2 -0
  324. package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  325. package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
  326. package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
  327. package/types/cache/utils/CacheHelpers.d.ts +1 -1
  328. package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
  329. package/types/cache/utils/CacheTypes.d.ts +2 -1
  330. package/types/cache/utils/CacheTypes.d.ts.map +1 -1
  331. package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  332. package/types/client/RefreshTokenClient.d.ts.map +1 -1
  333. package/types/client/SilentFlowClient.d.ts.map +1 -1
  334. package/types/config/ClientConfiguration.d.ts.map +1 -1
  335. package/types/constants/AADServerParamKeys.d.ts +4 -0
  336. package/types/constants/AADServerParamKeys.d.ts.map +1 -1
  337. package/types/crypto/ICrypto.d.ts.map +1 -1
  338. package/types/crypto/JoseHeader.d.ts.map +1 -1
  339. package/types/error/AuthError.d.ts +2 -3
  340. package/types/error/AuthError.d.ts.map +1 -1
  341. package/types/error/ClientAuthError.d.ts +2 -2
  342. package/types/error/ClientAuthError.d.ts.map +1 -1
  343. package/types/error/ClientAuthErrorCodes.d.ts +0 -2
  344. package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
  345. package/types/error/ClientConfigurationError.d.ts +2 -2
  346. package/types/error/ClientConfigurationError.d.ts.map +1 -1
  347. package/types/error/InteractionRequiredAuthError.d.ts +2 -2
  348. package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
  349. package/types/error/JoseHeaderError.d.ts +2 -2
  350. package/types/error/JoseHeaderError.d.ts.map +1 -1
  351. package/types/error/NetworkError.d.ts.map +1 -1
  352. package/types/error/PlatformBrokerError.d.ts +1 -1
  353. package/types/error/PlatformBrokerError.d.ts.map +1 -1
  354. package/types/error/ServerError.d.ts +1 -1
  355. package/types/error/ServerError.d.ts.map +1 -1
  356. package/types/network/INetworkModule.d.ts.map +1 -1
  357. package/types/network/ThrottlingUtils.d.ts.map +1 -1
  358. package/types/packageMetadata.d.ts +1 -1
  359. package/types/packageMetadata.d.ts.map +1 -1
  360. package/types/protocol/Authorize.d.ts +4 -2
  361. package/types/protocol/Authorize.d.ts.map +1 -1
  362. package/types/protocol/Token.d.ts.map +1 -1
  363. package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
  364. package/types/request/BaseAuthRequest.d.ts +4 -0
  365. package/types/request/BaseAuthRequest.d.ts.map +1 -1
  366. package/types/request/RequestParameterBuilder.d.ts +12 -3
  367. package/types/request/RequestParameterBuilder.d.ts.map +1 -1
  368. package/types/request/ScopeSet.d.ts +4 -3
  369. package/types/request/ScopeSet.d.ts.map +1 -1
  370. package/types/response/ImdsComputeResponse.d.ts +10 -0
  371. package/types/response/ImdsComputeResponse.d.ts.map +1 -0
  372. package/types/response/ResponseHandler.d.ts +1 -1
  373. package/types/response/ResponseHandler.d.ts.map +1 -1
  374. package/types/url/UrlString.d.ts +5 -4
  375. package/types/url/UrlString.d.ts.map +1 -1
  376. package/types/utils/ClientAssertionUtils.d.ts +1 -1
  377. package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
  378. package/types/utils/Constants.d.ts +6 -2
  379. package/types/utils/Constants.d.ts.map +1 -1
  380. package/types/utils/ProtocolUtils.d.ts +6 -3
  381. package/types/utils/ProtocolUtils.d.ts.map +1 -1
  382. package/types/utils/UrlUtils.d.ts.map +1 -1
  383. package/lib/index-node-CcOYLhxB.js.map +0 -1
@@ -20,7 +20,7 @@ import { CacheRecord } from "../cache/entities/CacheRecord.js";
20
20
  import { CacheOutcome } from "../utils/Constants.js";
21
21
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
22
22
  import { StringUtils } from "../utils/StringUtils.js";
23
- import { checkMaxAge, extractTokenClaims } from "../account/AuthToken.js";
23
+ import { extractTokenClaims } from "../account/AuthToken.js";
24
24
  import { TokenClaims } from "../account/TokenClaims.js";
25
25
  import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
26
26
  import { invokeAsync } from "../utils/FunctionWrappers.js";
@@ -106,20 +106,25 @@ export class SilentFlowClient {
106
106
  request.correlationId
107
107
  );
108
108
  throw createClientAuthError(
109
- ClientAuthErrorCodes.tokenRefreshRequired
109
+ ClientAuthErrorCodes.tokenRefreshRequired,
110
+ request.correlationId
110
111
  );
111
112
  }
112
113
 
113
114
  // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
114
115
  if (!request.account) {
115
116
  throw createClientAuthError(
116
- ClientAuthErrorCodes.noAccountInSilentRequest
117
+ ClientAuthErrorCodes.noAccountInSilentRequest,
118
+ request.correlationId
117
119
  );
118
120
  }
119
121
 
120
122
  const requestTenantId =
121
123
  request.account.tenantId ||
122
- getTenantFromAuthorityString(request.authority);
124
+ getTenantFromAuthorityString(
125
+ request.authority,
126
+ request.correlationId
127
+ );
123
128
  const tokenKeys = this.cacheManager.getTokenKeys();
124
129
  const cachedAccessToken = this.cacheManager.getAccessToken(
125
130
  request.account,
@@ -135,7 +140,8 @@ export class SilentFlowClient {
135
140
  request.correlationId
136
141
  );
137
142
  throw createClientAuthError(
138
- ClientAuthErrorCodes.tokenRefreshRequired
143
+ ClientAuthErrorCodes.tokenRefreshRequired,
144
+ request.correlationId
139
145
  );
140
146
  } else if (
141
147
  TimeUtils.wasClockTurnedBack(cachedAccessToken.cachedAt) ||
@@ -150,7 +156,8 @@ export class SilentFlowClient {
150
156
  request.correlationId
151
157
  );
152
158
  throw createClientAuthError(
153
- ClientAuthErrorCodes.tokenRefreshRequired
159
+ ClientAuthErrorCodes.tokenRefreshRequired,
160
+ request.correlationId
154
161
  );
155
162
  } else if (request.resource) {
156
163
  // cached access token must have a resource that matches the request resource for MCP scenarios
@@ -160,7 +167,8 @@ export class SilentFlowClient {
160
167
  request.correlationId
161
168
  );
162
169
  throw createClientAuthError(
163
- ClientAuthErrorCodes.tokenRefreshRequired
170
+ ClientAuthErrorCodes.tokenRefreshRequired,
171
+ request.correlationId
164
172
  );
165
173
  }
166
174
  } else if (
@@ -243,22 +251,11 @@ export class SilentFlowClient {
243
251
  if (cacheRecord.idToken) {
244
252
  idTokenClaims = extractTokenClaims(
245
253
  cacheRecord.idToken.secret,
246
- this.config.cryptoInterface.base64Decode
254
+ this.config.cryptoInterface.base64Decode,
255
+ request.correlationId
247
256
  );
248
257
  }
249
258
 
250
- // token max_age check
251
- if (request.maxAge || request.maxAge === 0) {
252
- const authTime = idTokenClaims?.auth_time;
253
- if (!authTime) {
254
- throw createClientAuthError(
255
- ClientAuthErrorCodes.authTimeNotFound
256
- );
257
- }
258
-
259
- checkMaxAge(authTime, request.maxAge);
260
- }
261
-
262
259
  return ResponseHandler.generateAuthenticationResult(
263
260
  this.cryptoUtils,
264
261
  this.authority,
@@ -174,10 +174,16 @@ const DEFAULT_LOGGER_IMPLEMENTATION: Required<LoggerOptions> = {
174
174
 
175
175
  const DEFAULT_NETWORK_IMPLEMENTATION: INetworkModule = {
176
176
  async sendGetRequestAsync<T>(): Promise<T> {
177
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
177
+ throw createClientAuthError(
178
+ ClientAuthErrorCodes.methodNotImplemented,
179
+ ""
180
+ );
178
181
  },
179
182
  async sendPostRequestAsync<T>(): Promise<T> {
180
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
183
+ throw createClientAuthError(
184
+ ClientAuthErrorCodes.methodNotImplemented,
185
+ ""
186
+ );
181
187
  },
182
188
  };
183
189
 
@@ -63,3 +63,8 @@ export const EAR_JWK = "ear_jwk";
63
63
  export const EAR_JWE_CRYPTO = "ear_jwe_crypto";
64
64
  export const RESOURCE = "resource";
65
65
  export const CLI_DATA = "clidata";
66
+ export const USER_FEDERATED_IDENTITY_CREDENTIAL =
67
+ "user_federated_identity_credential";
68
+ export const USERNAME = "username";
69
+ export const USER_ID = "user_id";
70
+ export const FMI_PATH = "fmi_path";
@@ -96,33 +96,63 @@ export interface ICrypto {
96
96
 
97
97
  export const DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto = {
98
98
  createNewGuid: (): string => {
99
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
99
+ throw createClientAuthError(
100
+ ClientAuthErrorCodes.methodNotImplemented,
101
+ ""
102
+ );
100
103
  },
101
104
  base64Decode: (): string => {
102
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
105
+ throw createClientAuthError(
106
+ ClientAuthErrorCodes.methodNotImplemented,
107
+ ""
108
+ );
103
109
  },
104
110
  base64Encode: (): string => {
105
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
111
+ throw createClientAuthError(
112
+ ClientAuthErrorCodes.methodNotImplemented,
113
+ ""
114
+ );
106
115
  },
107
116
  base64UrlEncode: (): string => {
108
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
117
+ throw createClientAuthError(
118
+ ClientAuthErrorCodes.methodNotImplemented,
119
+ ""
120
+ );
109
121
  },
110
122
  encodeKid: (): string => {
111
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
123
+ throw createClientAuthError(
124
+ ClientAuthErrorCodes.methodNotImplemented,
125
+ ""
126
+ );
112
127
  },
113
128
  async getPublicKeyThumbprint(): Promise<string> {
114
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
129
+ throw createClientAuthError(
130
+ ClientAuthErrorCodes.methodNotImplemented,
131
+ ""
132
+ );
115
133
  },
116
134
  async removeTokenBindingKey(): Promise<void> {
117
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
135
+ throw createClientAuthError(
136
+ ClientAuthErrorCodes.methodNotImplemented,
137
+ ""
138
+ );
118
139
  },
119
140
  async clearKeystore(): Promise<boolean> {
120
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
141
+ throw createClientAuthError(
142
+ ClientAuthErrorCodes.methodNotImplemented,
143
+ ""
144
+ );
121
145
  },
122
146
  async signJwt(): Promise<string> {
123
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
147
+ throw createClientAuthError(
148
+ ClientAuthErrorCodes.methodNotImplemented,
149
+ ""
150
+ );
124
151
  },
125
152
  async hashString(): Promise<string> {
126
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
153
+ throw createClientAuthError(
154
+ ClientAuthErrorCodes.methodNotImplemented,
155
+ ""
156
+ );
127
157
  },
128
158
  };
@@ -38,12 +38,18 @@ export class JoseHeader {
38
38
  static getShrHeaderString(shrHeaderOptions: JoseHeaderOptions): string {
39
39
  // KeyID is required on the SHR header
40
40
  if (!shrHeaderOptions.kid) {
41
- throw createJoseHeaderError(JoseHeaderErrorCodes.missingKidError);
41
+ throw createJoseHeaderError(
42
+ JoseHeaderErrorCodes.missingKidError,
43
+ ""
44
+ );
42
45
  }
43
46
 
44
47
  // Alg is required on the SHR header
45
48
  if (!shrHeaderOptions.alg) {
46
- throw createJoseHeaderError(JoseHeaderErrorCodes.missingAlgError);
49
+ throw createJoseHeaderError(
50
+ JoseHeaderErrorCodes.missingAlgError,
51
+ ""
52
+ );
47
53
  }
48
54
 
49
55
  const shrHeader = new JoseHeader({
@@ -125,7 +125,7 @@ export class PopTokenGenerator {
125
125
  } = request;
126
126
 
127
127
  const resourceUrlString = resourceRequestUri
128
- ? new UrlString(resourceRequestUri)
128
+ ? new UrlString(resourceRequestUri, request.correlationId)
129
129
  : undefined;
130
130
  const resourceUrlComponents = resourceUrlString?.getUrlComponents();
131
131
  return this.cryptoUtils.signJwt(
@@ -40,7 +40,12 @@ export class AuthError extends Error {
40
40
  */
41
41
  platformBrokerError?: PlatformBrokerError;
42
42
 
43
- constructor(errorCode?: string, errorMessage?: string, suberror?: string) {
43
+ constructor(
44
+ errorCode: string,
45
+ correlationId: string,
46
+ errorMessage?: string,
47
+ suberror?: string
48
+ ) {
44
49
  const message =
45
50
  errorMessage ||
46
51
  (errorCode ? getDefaultErrorMessage(errorCode) : "");
@@ -51,20 +56,19 @@ export class AuthError extends Error {
51
56
  this.errorCode = errorCode || "";
52
57
  this.errorMessage = message || "";
53
58
  this.subError = suberror || "";
54
- this.name = "AuthError";
55
- }
56
-
57
- setCorrelationId(correlationId: string): void {
58
59
  this.correlationId = correlationId;
60
+ this.name = "AuthError";
59
61
  }
60
62
  }
61
63
 
62
64
  export function createAuthError(
63
65
  code: string,
66
+ correlationId: string,
64
67
  additionalMessage?: string
65
68
  ): AuthError {
66
69
  return new AuthError(
67
70
  code,
71
+ correlationId,
68
72
  additionalMessage || getDefaultErrorMessage(code)
69
73
  );
70
74
  }
@@ -15,8 +15,12 @@ export { ClientAuthErrorCodes }; // Allow importing as "ClientAuthErrorCodes";
15
15
  * Error thrown when there is an error in the client code running on the browser.
16
16
  */
17
17
  export class ClientAuthError extends AuthError {
18
- constructor(errorCode: string, additionalMessage?: string) {
19
- super(errorCode, additionalMessage);
18
+ constructor(
19
+ errorCode: string,
20
+ correlationId: string,
21
+ additionalMessage?: string
22
+ ) {
23
+ super(errorCode, correlationId, additionalMessage);
20
24
  this.name = "ClientAuthError";
21
25
 
22
26
  Object.setPrototypeOf(this, ClientAuthError.prototype);
@@ -25,7 +29,8 @@ export class ClientAuthError extends AuthError {
25
29
 
26
30
  export function createClientAuthError(
27
31
  errorCode: string,
32
+ correlationId: string,
28
33
  additionalMessage?: string
29
34
  ): ClientAuthError {
30
- return new ClientAuthError(errorCode, additionalMessage);
35
+ return new ClientAuthError(errorCode, correlationId, additionalMessage);
31
36
  }
@@ -15,8 +15,6 @@ export const invalidState = "invalid_state";
15
15
  export const stateMismatch = "state_mismatch";
16
16
  export const stateNotFound = "state_not_found";
17
17
  export const nonceMismatch = "nonce_mismatch";
18
- export const authTimeNotFound = "auth_time_not_found";
19
- export const maxAgeTranspired = "max_age_transpired";
20
18
  export const multipleMatchingTokens = "multiple_matching_tokens";
21
19
  export const multipleMatchingAppMetadata = "multiple_matching_appMetadata";
22
20
  export const requestCannotBeMade = "request_cannot_be_made";
@@ -11,15 +11,16 @@ export { ClientConfigurationErrorCodes };
11
11
  * Error thrown when there is an error in configuration of the MSAL.js library.
12
12
  */
13
13
  export class ClientConfigurationError extends AuthError {
14
- constructor(errorCode: string) {
15
- super(errorCode);
14
+ constructor(errorCode: string, correlationId: string) {
15
+ super(errorCode, correlationId);
16
16
  this.name = "ClientConfigurationError";
17
17
  Object.setPrototypeOf(this, ClientConfigurationError.prototype);
18
18
  }
19
19
  }
20
20
 
21
21
  export function createClientConfigurationError(
22
- errorCode: string
22
+ errorCode: string,
23
+ correlationId: string
23
24
  ): ClientConfigurationError {
24
- return new ClientConfigurationError(errorCode);
25
+ return new ClientConfigurationError(errorCode, correlationId);
25
26
  }
@@ -61,21 +61,20 @@ export class InteractionRequiredAuthError extends AuthError {
61
61
  readonly errorNo?: string;
62
62
 
63
63
  constructor(
64
- errorCode?: string,
64
+ errorCode: string,
65
+ correlationId: string,
65
66
  errorMessage?: string,
66
67
  subError?: string,
67
68
  timestamp?: string,
68
69
  traceId?: string,
69
- correlationId?: string,
70
70
  claims?: string,
71
71
  errorNo?: string
72
72
  ) {
73
- super(errorCode, errorMessage, subError);
73
+ super(errorCode, correlationId, errorMessage, subError);
74
74
  Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
75
75
 
76
76
  this.timestamp = timestamp || "";
77
77
  this.traceId = traceId || "";
78
- this.correlationId = correlationId || "";
79
78
  this.claims = claims || "";
80
79
  this.name = "InteractionRequiredAuthError";
81
80
  this.errorNo = errorNo;
@@ -117,7 +116,12 @@ export function isInteractionRequiredError(
117
116
  */
118
117
  export function createInteractionRequiredAuthError(
119
118
  errorCode: string,
119
+ correlationId: string,
120
120
  errorMessage?: string
121
121
  ): InteractionRequiredAuthError {
122
- return new InteractionRequiredAuthError(errorCode, errorMessage);
122
+ return new InteractionRequiredAuthError(
123
+ errorCode,
124
+ correlationId,
125
+ errorMessage
126
+ );
123
127
  }
@@ -11,8 +11,12 @@ export { JoseHeaderErrorCodes };
11
11
  * Error thrown when there is an error in the client code running on the browser.
12
12
  */
13
13
  export class JoseHeaderError extends AuthError {
14
- constructor(errorCode: string, errorMessage?: string) {
15
- super(errorCode, errorMessage);
14
+ constructor(
15
+ errorCode: string,
16
+ correlationId: string,
17
+ errorMessage?: string
18
+ ) {
19
+ super(errorCode, correlationId, errorMessage);
16
20
  this.name = "JoseHeaderError";
17
21
 
18
22
  Object.setPrototypeOf(this, JoseHeaderError.prototype);
@@ -20,6 +24,9 @@ export class JoseHeaderError extends AuthError {
20
24
  }
21
25
 
22
26
  /** Returns JoseHeaderError object */
23
- export function createJoseHeaderError(code: string): JoseHeaderError {
24
- return new JoseHeaderError(code);
27
+ export function createJoseHeaderError(
28
+ code: string,
29
+ correlationId: string
30
+ ): JoseHeaderError {
31
+ return new JoseHeaderError(code, correlationId);
25
32
  }
@@ -18,7 +18,12 @@ export class NetworkError extends AuthError {
18
18
  httpStatus?: number,
19
19
  responseHeaders?: Record<string, string>
20
20
  ) {
21
- super(error.errorCode, error.errorMessage, error.subError);
21
+ super(
22
+ error.errorCode,
23
+ error.correlationId,
24
+ error.errorMessage,
25
+ error.subError
26
+ );
22
27
 
23
28
  Object.setPrototypeOf(this, NetworkError.prototype);
24
29
  this.name = "NetworkError";
@@ -49,6 +49,7 @@ export class PlatformBrokerError extends AuthError {
49
49
 
50
50
  constructor(
51
51
  errorStatus: string,
52
+ correlationId: string,
52
53
  errorContext: string,
53
54
  errorCode: number,
54
55
  errorTag: number
@@ -58,7 +59,7 @@ export class PlatformBrokerError extends AuthError {
58
59
  ? `${errorContext} (Error Code: ${errorCode}, Tag: ${tagString})`
59
60
  : `(Error Code: ${errorCode}, Tag: ${tagString})`;
60
61
 
61
- super(errorStatus, enhancedErrorContext);
62
+ super(errorStatus, correlationId, enhancedErrorContext);
62
63
  this.name = "PlatformBrokerError";
63
64
  this.statusCode = errorCode;
64
65
  this.tag = tagString;
@@ -20,13 +20,14 @@ export class ServerError extends AuthError {
20
20
  readonly status?: number;
21
21
 
22
22
  constructor(
23
- errorCode?: string,
23
+ errorCode: string,
24
+ correlationId: string,
24
25
  errorMessage?: string,
25
26
  subError?: string,
26
27
  errorNo?: string,
27
28
  status?: number
28
29
  ) {
29
- super(errorCode, errorMessage, subError);
30
+ super(errorCode, correlationId, errorMessage, subError);
30
31
  this.name = "ServerError";
31
32
  this.errorNo = errorNo;
32
33
  this.status = status;
@@ -46,14 +46,15 @@ export interface INetworkModule {
46
46
  }
47
47
 
48
48
  export const StubbedNetworkModule: INetworkModule = {
49
+ // Module-level singleton: no per-request correlationId available
49
50
  sendGetRequestAsync: () => {
50
51
  return Promise.reject(
51
- createClientAuthError(ClientAuthErrorCodes.methodNotImplemented)
52
+ createClientAuthError(ClientAuthErrorCodes.methodNotImplemented, "")
52
53
  );
53
54
  },
54
55
  sendPostRequestAsync: () => {
55
56
  return Promise.reject(
56
- createClientAuthError(ClientAuthErrorCodes.methodNotImplemented)
57
+ createClientAuthError(ClientAuthErrorCodes.methodNotImplemented, "")
57
58
  );
58
59
  },
59
60
  };
@@ -45,6 +45,7 @@ export class ThrottlingUtils {
45
45
  }
46
46
  throw new ServerError(
47
47
  value.errorCodes?.join(" ") || "",
48
+ correlationId,
48
49
  value.errorMessage,
49
50
  value.subError
50
51
  );
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-common";
3
- export const version = "16.9.0";
3
+ export const version = "16.10.0";
@@ -61,6 +61,7 @@ export function getStandardAuthorizeRequestParameters(
61
61
  RequestParameterBuilder.addScopes(
62
62
  parameters,
63
63
  requestScopes,
64
+ request.correlationId,
64
65
  true,
65
66
  authOptions.authority.options.OIDCOptions?.defaultScopes
66
67
  );
@@ -249,6 +250,7 @@ export function getStandardAuthorizeRequestParameters(
249
250
 
250
251
  RequestParameterBuilder.addClaims(
251
252
  parameters,
253
+ request.correlationId,
252
254
  request.claims,
253
255
  authOptions.clientCapabilities,
254
256
  request.skipBrokerClaims
@@ -291,18 +293,21 @@ export function getAuthorizeUrl(
291
293
  * the client to exchange for a token in acquireToken.
292
294
  * @param serverParams
293
295
  * @param cachedState
296
+ * @param correlationId
294
297
  */
295
298
  export function getAuthorizationCodePayload(
296
299
  serverParams: AuthorizeResponse,
297
- cachedState: string
300
+ cachedState: string,
301
+ correlationId: string
298
302
  ): AuthorizationCodePayload {
299
303
  // Get code response
300
- validateAuthorizationResponse(serverParams, cachedState);
304
+ validateAuthorizationResponse(serverParams, cachedState, correlationId);
301
305
 
302
306
  // throw when there is no auth code in the response
303
307
  if (!serverParams.code) {
304
308
  throw createClientAuthError(
305
- ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse
309
+ ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse,
310
+ correlationId
306
311
  );
307
312
  }
308
313
 
@@ -313,19 +318,23 @@ export function getAuthorizationCodePayload(
313
318
  * Function which validates server authorization code response.
314
319
  * @param serverResponseHash
315
320
  * @param requestState
321
+ * @param correlationId
316
322
  */
317
323
  export function validateAuthorizationResponse(
318
324
  serverResponse: AuthorizeResponse,
319
- requestState: string
325
+ requestState: string,
326
+ correlationId: string
320
327
  ): void {
321
328
  if (!serverResponse.state || !requestState) {
322
329
  throw serverResponse.state
323
330
  ? createClientAuthError(
324
331
  ClientAuthErrorCodes.stateNotFound,
332
+ correlationId,
325
333
  "Cached State"
326
334
  )
327
335
  : createClientAuthError(
328
336
  ClientAuthErrorCodes.stateNotFound,
337
+ correlationId,
329
338
  "Server State"
330
339
  );
331
340
  }
@@ -338,6 +347,7 @@ export function validateAuthorizationResponse(
338
347
  } catch (e) {
339
348
  throw createClientAuthError(
340
349
  ClientAuthErrorCodes.invalidState,
350
+ correlationId,
341
351
  serverResponse.state
342
352
  );
343
353
  }
@@ -347,12 +357,16 @@ export function validateAuthorizationResponse(
347
357
  } catch (e) {
348
358
  throw createClientAuthError(
349
359
  ClientAuthErrorCodes.invalidState,
360
+ correlationId,
350
361
  serverResponse.state
351
362
  );
352
363
  }
353
364
 
354
365
  if (decodedServerResponseState !== decodedRequestState) {
355
- throw createClientAuthError(ClientAuthErrorCodes.stateMismatch);
366
+ throw createClientAuthError(
367
+ ClientAuthErrorCodes.stateMismatch,
368
+ correlationId
369
+ );
356
370
  }
357
371
 
358
372
  // Check for error
@@ -371,11 +385,11 @@ export function validateAuthorizationResponse(
371
385
  ) {
372
386
  throw new InteractionRequiredAuthError(
373
387
  serverResponse.error || "",
388
+ serverResponse.correlation_id || correlationId,
374
389
  serverResponse.error_description,
375
390
  serverResponse.suberror,
376
391
  serverResponse.timestamp || "",
377
392
  serverResponse.trace_id || "",
378
- serverResponse.correlation_id || "",
379
393
  serverResponse.claims || "",
380
394
  serverErrorNo
381
395
  );
@@ -383,6 +397,7 @@ export function validateAuthorizationResponse(
383
397
 
384
398
  throw new ServerError(
385
399
  serverResponse.error || "",
400
+ serverResponse.correlation_id || correlationId,
386
401
  serverResponse.error_description,
387
402
  serverResponse.suberror,
388
403
  serverErrorNo
@@ -217,7 +217,10 @@ export async function sendPostRequest<
217
217
  if (e instanceof AuthError) {
218
218
  throw e;
219
219
  } else {
220
- throw createClientAuthError(ClientAuthErrorCodes.networkError);
220
+ throw createClientAuthError(
221
+ ClientAuthErrorCodes.networkError,
222
+ correlationId
223
+ );
221
224
  }
222
225
  }
223
226
 
@@ -44,7 +44,8 @@ export class AuthenticationHeaderParser {
44
44
  return authenticationInfoChallenges.nextnonce;
45
45
  }
46
46
  throw createClientConfigurationError(
47
- ClientConfigurationErrorCodes.invalidAuthenticationHeader
47
+ ClientConfigurationErrorCodes.invalidAuthenticationHeader,
48
+ ""
48
49
  );
49
50
  }
50
51
 
@@ -59,13 +60,15 @@ export class AuthenticationHeaderParser {
59
60
  return wwwAuthenticateChallenges.nonce;
60
61
  }
61
62
  throw createClientConfigurationError(
62
- ClientConfigurationErrorCodes.invalidAuthenticationHeader
63
+ ClientConfigurationErrorCodes.invalidAuthenticationHeader,
64
+ ""
63
65
  );
64
66
  }
65
67
 
66
68
  // If neither header is present, throw missing headers error
67
69
  throw createClientConfigurationError(
68
- ClientConfigurationErrorCodes.missingNonceAuthenticationHeader
70
+ ClientConfigurationErrorCodes.missingNonceAuthenticationHeader,
71
+ ""
69
72
  );
70
73
  }
71
74
 
@@ -69,6 +69,10 @@ export type BaseAuthRequest = {
69
69
  azureCloudOptions?: AzureCloudOptions;
70
70
  /**
71
71
  * Maximum allowed age, in milliseconds, of the user's authentication before a new sign-in is required.
72
+ * @deprecated This option no longer has any effect and will be removed in a future major version.
73
+ * MSAL does not validate the authentication age of returned tokens. To enforce the OIDC `max_age`
74
+ * parameter, send it via `extraQueryParameters` and validate the `auth_time` claim of the returned
75
+ * token yourself.
72
76
  */
73
77
  maxAge?: number;
74
78
  /**
@@ -130,13 +134,15 @@ export function enforceResourceParameter(
130
134
  containsResourceParam(request.extraQueryParameters))
131
135
  ) {
132
136
  throw createClientAuthError(
133
- ClientAuthErrorCodes.misplacedResourceParam
137
+ ClientAuthErrorCodes.misplacedResourceParam,
138
+ request.correlationId || ""
134
139
  );
135
140
  }
136
141
 
137
142
  if (!request.resource) {
138
143
  throw createClientAuthError(
139
- ClientAuthErrorCodes.resourceParameterRequired
144
+ ClientAuthErrorCodes.resourceParameterRequired,
145
+ request.correlationId || ""
140
146
  );
141
147
  }
142
148
  }