@azure/msal-common 16.9.0 → 16.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +9 -3
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +9 -23
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/CcsCredential.mjs.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -4
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/account/TokenClaims.mjs.map +1 -1
- package/dist/authority/Authority.mjs +36 -37
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +3 -3
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +2 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/AuthorityType.mjs.map +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +16 -10
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.mjs +62 -46
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -5
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +7 -7
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +8 -8
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +10 -18
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.mjs +3 -3
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +7 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +11 -11
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +3 -3
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -2
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +5 -7
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +5 -5
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +5 -5
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +5 -5
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +2 -2
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -3
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +3 -3
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/index-node.mjs +53 -53
- package/dist/index.mjs +59 -59
- package/dist/logger/Logger.mjs +1 -1
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +4 -3
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +2 -2
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +16 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.mjs +2 -2
- package/dist/protocol/Token.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.mjs +3 -3
- package/dist/request/BaseAuthRequest.mjs.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +51 -33
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +13 -12
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +29 -27
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.mjs +15 -14
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +3 -2
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.mjs +7 -3
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +12 -9
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs.map +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.mjs +4 -4
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/dist-browser/account/AccountInfo.mjs +9 -3
- package/dist-browser/account/AccountInfo.mjs.map +1 -1
- package/dist-browser/account/AuthToken.mjs +9 -23
- package/dist-browser/account/AuthToken.mjs.map +1 -1
- package/dist-browser/account/CcsCredential.mjs +1 -1
- package/dist-browser/account/CcsCredential.mjs.map +1 -1
- package/dist-browser/account/ClientInfo.mjs +4 -4
- package/dist-browser/account/ClientInfo.mjs.map +1 -1
- package/dist-browser/account/TokenClaims.mjs +1 -1
- package/dist-browser/account/TokenClaims.mjs.map +1 -1
- package/dist-browser/authority/Authority.mjs +36 -37
- package/dist-browser/authority/Authority.mjs.map +1 -1
- package/dist-browser/authority/AuthorityFactory.mjs +3 -3
- package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
- package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
- package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
- package/dist-browser/authority/AuthorityType.mjs +1 -1
- package/dist-browser/authority/AuthorityType.mjs.map +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
- package/dist-browser/authority/RegionDiscovery.mjs +16 -10
- package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
- package/dist-browser/cache/CacheManager.mjs +62 -46
- package/dist-browser/cache/CacheManager.mjs.map +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
- package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
- package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
- package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist-browser/client/RefreshTokenClient.mjs +8 -8
- package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
- package/dist-browser/client/SilentFlowClient.mjs +10 -18
- package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
- package/dist-browser/config/ClientConfiguration.mjs +3 -3
- package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
- package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
- package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist-browser/crypto/ICrypto.mjs +11 -11
- package/dist-browser/crypto/ICrypto.mjs.map +1 -1
- package/dist-browser/crypto/JoseHeader.mjs +3 -3
- package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
- package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
- package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist-browser/error/AuthError.mjs +5 -7
- package/dist-browser/error/AuthError.mjs.map +1 -1
- package/dist-browser/error/AuthErrorCodes.mjs +1 -1
- package/dist-browser/error/CacheError.mjs +1 -1
- package/dist-browser/error/CacheError.mjs.map +1 -1
- package/dist-browser/error/CacheErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientAuthError.mjs +5 -5
- package/dist-browser/error/ClientAuthError.mjs.map +1 -1
- package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationError.mjs +5 -5
- package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/JoseHeaderError.mjs +5 -5
- package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
- package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist-browser/error/NetworkError.mjs +2 -2
- package/dist-browser/error/NetworkError.mjs.map +1 -1
- package/dist-browser/error/PlatformBrokerError.mjs +3 -3
- package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
- package/dist-browser/error/ServerError.mjs +3 -3
- package/dist-browser/error/ServerError.mjs.map +1 -1
- package/dist-browser/index-browser.mjs +55 -55
- package/dist-browser/index.mjs +59 -59
- package/dist-browser/log-strings-mapping.json +2 -2
- package/dist-browser/logger/Logger.mjs +1 -1
- package/dist-browser/logger/Logger.mjs.map +1 -1
- package/dist-browser/network/INetworkModule.mjs +4 -3
- package/dist-browser/network/INetworkModule.mjs.map +1 -1
- package/dist-browser/network/RequestThumbprint.mjs +1 -1
- package/dist-browser/network/ThrottlingUtils.mjs +2 -2
- package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
- package/dist-browser/packageMetadata.mjs +2 -2
- package/dist-browser/protocol/Authorize.mjs +16 -14
- package/dist-browser/protocol/Authorize.mjs.map +1 -1
- package/dist-browser/protocol/Token.mjs +2 -2
- package/dist-browser/protocol/Token.mjs.map +1 -1
- package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist-browser/request/BaseAuthRequest.mjs +3 -3
- package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
- package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
- package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist-browser/request/ScopeSet.mjs +13 -12
- package/dist-browser/request/ScopeSet.mjs.map +1 -1
- package/dist-browser/response/ResponseHandler.mjs +29 -27
- package/dist-browser/response/ResponseHandler.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist-browser/url/UrlString.mjs +15 -14
- package/dist-browser/url/UrlString.mjs.map +1 -1
- package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
- package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist-browser/utils/Constants.mjs +7 -3
- package/dist-browser/utils/Constants.mjs.map +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
- package/dist-browser/utils/ProtocolUtils.mjs +12 -9
- package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
- package/dist-browser/utils/StringUtils.mjs +1 -1
- package/dist-browser/utils/StringUtils.mjs.map +1 -1
- package/dist-browser/utils/TimeUtils.mjs +1 -1
- package/dist-browser/utils/TimeUtils.mjs.map +1 -1
- package/dist-browser/utils/UrlUtils.mjs +4 -4
- package/dist-browser/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +8 -8
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-CcOYLhxB.js → index-node-BSFEsmmC.js} +364 -312
- package/lib/index-node-BSFEsmmC.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/package.json +1 -1
- package/src/account/AccountInfo.ts +19 -1
- package/src/account/AuthToken.ts +19 -21
- package/src/account/ClientCredentials.ts +1 -0
- package/src/account/ClientInfo.ts +8 -3
- package/src/authority/Authority.ts +72 -37
- package/src/authority/AuthorityFactory.ts +4 -2
- package/src/authority/AuthorityMetadata.ts +2 -1
- package/src/authority/RegionDiscovery.ts +18 -11
- package/src/cache/CacheManager.ts +160 -57
- package/src/cache/entities/AccountEntity.ts +4 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/utils/AccountEntityUtils.ts +23 -3
- package/src/cache/utils/CacheHelpers.ts +15 -3
- package/src/cache/utils/CacheTypes.ts +2 -0
- package/src/client/AuthorizationCodeClient.ts +10 -4
- package/src/client/RefreshTokenClient.ts +12 -5
- package/src/client/SilentFlowClient.ts +17 -20
- package/src/config/ClientConfiguration.ts +8 -2
- package/src/constants/AADServerParamKeys.ts +5 -0
- package/src/crypto/ICrypto.ts +40 -10
- package/src/crypto/JoseHeader.ts +8 -2
- package/src/crypto/PopTokenGenerator.ts +1 -1
- package/src/error/AuthError.ts +9 -5
- package/src/error/ClientAuthError.ts +8 -3
- package/src/error/ClientAuthErrorCodes.ts +0 -2
- package/src/error/ClientConfigurationError.ts +5 -4
- package/src/error/InteractionRequiredAuthError.ts +9 -5
- package/src/error/JoseHeaderError.ts +11 -4
- package/src/error/NetworkError.ts +6 -1
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/error/ServerError.ts +3 -2
- package/src/network/INetworkModule.ts +3 -2
- package/src/network/ThrottlingUtils.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +21 -6
- package/src/protocol/Token.ts +4 -1
- package/src/request/AuthenticationHeaderParser.ts +6 -3
- package/src/request/BaseAuthRequest.ts +8 -2
- package/src/request/RequestParameterBuilder.ts +66 -43
- package/src/request/ScopeSet.ts +27 -11
- package/src/response/ImdsComputeResponse.ts +14 -0
- package/src/response/ResponseHandler.ts +45 -32
- package/src/url/UrlString.ts +32 -13
- package/src/utils/ClientAssertionUtils.ts +3 -1
- package/src/utils/Constants.ts +6 -3
- package/src/utils/ProtocolUtils.ts +26 -8
- package/src/utils/UrlUtils.ts +8 -3
- package/types/account/AccountInfo.d.ts +8 -2
- package/types/account/AccountInfo.d.ts.map +1 -1
- package/types/account/AuthToken.d.ts +2 -6
- package/types/account/AuthToken.d.ts.map +1 -1
- package/types/account/ClientCredentials.d.ts +1 -0
- package/types/account/ClientCredentials.d.ts.map +1 -1
- package/types/account/ClientInfo.d.ts.map +1 -1
- package/types/authority/Authority.d.ts +4 -4
- package/types/authority/Authority.d.ts.map +1 -1
- package/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/types/authority/RegionDiscovery.d.ts +3 -2
- package/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/types/cache/CacheManager.d.ts +0 -7
- package/types/cache/CacheManager.d.ts.map +1 -1
- package/types/cache/entities/AccountEntity.d.ts +4 -0
- package/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
- package/types/cache/utils/CacheHelpers.d.ts +1 -1
- package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/types/cache/utils/CacheTypes.d.ts +2 -1
- package/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/types/client/SilentFlowClient.d.ts.map +1 -1
- package/types/config/ClientConfiguration.d.ts.map +1 -1
- package/types/constants/AADServerParamKeys.d.ts +4 -0
- package/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/types/crypto/ICrypto.d.ts.map +1 -1
- package/types/crypto/JoseHeader.d.ts.map +1 -1
- package/types/error/AuthError.d.ts +2 -3
- package/types/error/AuthError.d.ts.map +1 -1
- package/types/error/ClientAuthError.d.ts +2 -2
- package/types/error/ClientAuthError.d.ts.map +1 -1
- package/types/error/ClientAuthErrorCodes.d.ts +0 -2
- package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/types/error/ClientConfigurationError.d.ts +2 -2
- package/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/types/error/InteractionRequiredAuthError.d.ts +2 -2
- package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/types/error/JoseHeaderError.d.ts +2 -2
- package/types/error/JoseHeaderError.d.ts.map +1 -1
- package/types/error/NetworkError.d.ts.map +1 -1
- package/types/error/PlatformBrokerError.d.ts +1 -1
- package/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/types/error/ServerError.d.ts +1 -1
- package/types/error/ServerError.d.ts.map +1 -1
- package/types/network/INetworkModule.d.ts.map +1 -1
- package/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/packageMetadata.d.ts.map +1 -1
- package/types/protocol/Authorize.d.ts +4 -2
- package/types/protocol/Authorize.d.ts.map +1 -1
- package/types/protocol/Token.d.ts.map +1 -1
- package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/types/request/BaseAuthRequest.d.ts +4 -0
- package/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/types/request/RequestParameterBuilder.d.ts +12 -3
- package/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/types/request/ScopeSet.d.ts +4 -3
- package/types/request/ScopeSet.d.ts.map +1 -1
- package/types/response/ImdsComputeResponse.d.ts +10 -0
- package/types/response/ImdsComputeResponse.d.ts.map +1 -0
- package/types/response/ResponseHandler.d.ts +1 -1
- package/types/response/ResponseHandler.d.ts.map +1 -1
- package/types/url/UrlString.d.ts +5 -4
- package/types/url/UrlString.d.ts.map +1 -1
- package/types/utils/ClientAssertionUtils.d.ts +1 -1
- package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
- package/types/utils/Constants.d.ts +6 -2
- package/types/utils/Constants.d.ts.map +1 -1
- package/types/utils/ProtocolUtils.d.ts +6 -3
- package/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/types/utils/UrlUtils.d.ts.map +1 -1
- package/lib/index-node-CcOYLhxB.js.map +0 -1
|
@@ -18,7 +18,6 @@ import {
|
|
|
18
18
|
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
|
|
19
19
|
import { ClientInfo } from "../account/ClientInfo.js";
|
|
20
20
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
21
|
-
import { StringUtils } from "../utils/StringUtils.js";
|
|
22
21
|
|
|
23
22
|
export function instrumentBrokerParams(
|
|
24
23
|
parameters: Map<string, string>,
|
|
@@ -84,6 +83,7 @@ export function addNativeBroker(parameters: Map<string, string>): void {
|
|
|
84
83
|
export function addScopes(
|
|
85
84
|
parameters: Map<string, string>,
|
|
86
85
|
scopes: string[],
|
|
86
|
+
correlationId: string,
|
|
87
87
|
addOidcScopes: boolean = true,
|
|
88
88
|
defaultScopes: Array<string> = Constants.OIDC_DEFAULT_SCOPES
|
|
89
89
|
): void {
|
|
@@ -98,7 +98,7 @@ export function addScopes(
|
|
|
98
98
|
const requestScopes = addOidcScopes
|
|
99
99
|
? [...(scopes || []), ...defaultScopes]
|
|
100
100
|
: scopes || [];
|
|
101
|
-
const scopeSet = new ScopeSet(requestScopes);
|
|
101
|
+
const scopeSet = new ScopeSet(requestScopes, correlationId);
|
|
102
102
|
parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
|
|
103
103
|
}
|
|
104
104
|
|
|
@@ -205,12 +205,14 @@ export function addSid(parameters: Map<string, string>, sid: string): void {
|
|
|
205
205
|
* Adds claims to request parameters, conditionally excluding clientCapabilities
|
|
206
206
|
* when skipBrokerClaims is true and a brokered flow is in effect.
|
|
207
207
|
* @param parameters - The request parameters map
|
|
208
|
+
* @param correlationId - The request correlation id
|
|
208
209
|
* @param claims - The claims string from the request
|
|
209
210
|
* @param clientCapabilities - The client capabilities from configuration
|
|
210
211
|
* @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
|
|
211
212
|
*/
|
|
212
213
|
export function addClaims(
|
|
213
214
|
parameters: Map<string, string>,
|
|
215
|
+
correlationId: string,
|
|
214
216
|
claims?: string,
|
|
215
217
|
clientCapabilities?: Array<string>,
|
|
216
218
|
skipBrokerClaims?: boolean
|
|
@@ -221,23 +223,8 @@ export function addClaims(
|
|
|
221
223
|
? undefined
|
|
222
224
|
: clientCapabilities;
|
|
223
225
|
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
(configClaims && configClaims.length > 0)
|
|
227
|
-
) {
|
|
228
|
-
const mergedClaims = addClientCapabilitiesToClaims(
|
|
229
|
-
claims,
|
|
230
|
-
configClaims
|
|
231
|
-
);
|
|
232
|
-
try {
|
|
233
|
-
JSON.parse(mergedClaims);
|
|
234
|
-
} catch (e) {
|
|
235
|
-
throw createClientConfigurationError(
|
|
236
|
-
ClientConfigurationErrorCodes.invalidClaims
|
|
237
|
-
);
|
|
238
|
-
}
|
|
239
|
-
parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
|
|
240
|
-
}
|
|
226
|
+
const mergedClaims = buildMergedClaims(claims, configClaims, correlationId);
|
|
227
|
+
parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
|
|
241
228
|
}
|
|
242
229
|
|
|
243
230
|
/**
|
|
@@ -335,7 +322,8 @@ export function addCodeChallengeParams(
|
|
|
335
322
|
);
|
|
336
323
|
} else {
|
|
337
324
|
throw createClientConfigurationError(
|
|
338
|
-
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
325
|
+
ClientConfigurationErrorCodes.pkceParamsMissing,
|
|
326
|
+
""
|
|
339
327
|
);
|
|
340
328
|
}
|
|
341
329
|
}
|
|
@@ -493,9 +481,27 @@ export function addExtraParameters(
|
|
|
493
481
|
});
|
|
494
482
|
}
|
|
495
483
|
|
|
496
|
-
|
|
484
|
+
/**
|
|
485
|
+
* Default optional idToken claims requested on all auth requests.
|
|
486
|
+
* signin_state enables KMSI detection; login_hint enables login hint propagation.
|
|
487
|
+
*/
|
|
488
|
+
const DEFAULT_ID_TOKEN_CLAIMS: Record<string, { essential: false }> = {
|
|
489
|
+
[Constants.ClaimsRequestKeys.SIGNIN_STATE]: { essential: false },
|
|
490
|
+
[Constants.ClaimsRequestKeys.LOGIN_HINT]: { essential: false },
|
|
491
|
+
};
|
|
492
|
+
|
|
493
|
+
/**
|
|
494
|
+
* Parses claims JSON, merges default optional idToken claims (signin_state, login_hint),
|
|
495
|
+
* and appends client capabilities (xms_cc) to the access_token section.
|
|
496
|
+
* Does not overwrite idToken claims already specified by the caller.
|
|
497
|
+
* @param claims - Existing claims JSON string from the request (may be undefined)
|
|
498
|
+
* @param clientCapabilities - Client capabilities array from configuration
|
|
499
|
+
* @returns Merged claims JSON string
|
|
500
|
+
*/
|
|
501
|
+
export function buildMergedClaims(
|
|
497
502
|
claims?: string,
|
|
498
|
-
clientCapabilities?: Array<string
|
|
503
|
+
clientCapabilities?: Array<string>,
|
|
504
|
+
correlationId: string = ""
|
|
499
505
|
): string {
|
|
500
506
|
let mergedClaims: object;
|
|
501
507
|
|
|
@@ -504,17 +510,44 @@ export function addClientCapabilitiesToClaims(
|
|
|
504
510
|
mergedClaims = {};
|
|
505
511
|
} else {
|
|
506
512
|
try {
|
|
507
|
-
|
|
513
|
+
const parsed = JSON.parse(claims);
|
|
514
|
+
if (
|
|
515
|
+
typeof parsed !== "object" ||
|
|
516
|
+
parsed === null ||
|
|
517
|
+
Array.isArray(parsed)
|
|
518
|
+
) {
|
|
519
|
+
throw new Error("Claims must be a JSON object");
|
|
520
|
+
}
|
|
521
|
+
mergedClaims = parsed;
|
|
508
522
|
} catch (e) {
|
|
509
523
|
throw createClientConfigurationError(
|
|
510
|
-
ClientConfigurationErrorCodes.invalidClaims
|
|
524
|
+
ClientConfigurationErrorCodes.invalidClaims,
|
|
525
|
+
correlationId
|
|
511
526
|
);
|
|
512
527
|
}
|
|
513
528
|
}
|
|
514
529
|
|
|
530
|
+
// Add default optional idToken claims
|
|
531
|
+
if (
|
|
532
|
+
!Object.prototype.hasOwnProperty.call(
|
|
533
|
+
mergedClaims,
|
|
534
|
+
Constants.ClaimsRequestKeys.ID_TOKEN
|
|
535
|
+
)
|
|
536
|
+
) {
|
|
537
|
+
mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN] = {};
|
|
538
|
+
}
|
|
539
|
+
const idTokenClaims = mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN];
|
|
540
|
+
for (const [key, value] of Object.entries(DEFAULT_ID_TOKEN_CLAIMS)) {
|
|
541
|
+
if (!(key in idTokenClaims)) {
|
|
542
|
+
idTokenClaims[key] = value;
|
|
543
|
+
}
|
|
544
|
+
}
|
|
545
|
+
|
|
546
|
+
// Add client capabilities
|
|
515
547
|
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
516
548
|
if (
|
|
517
|
-
!
|
|
549
|
+
!Object.prototype.hasOwnProperty.call(
|
|
550
|
+
mergedClaims,
|
|
518
551
|
Constants.ClaimsRequestKeys.ACCESS_TOKEN
|
|
519
552
|
)
|
|
520
553
|
) {
|
|
@@ -597,24 +630,14 @@ export function addServerTelemetry(
|
|
|
597
630
|
parameters: Map<string, string>,
|
|
598
631
|
serverTelemetryManager: ServerTelemetryManager
|
|
599
632
|
): void {
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
currentTelemetryHeader
|
|
609
|
-
);
|
|
610
|
-
}
|
|
611
|
-
|
|
612
|
-
if (lastTelemetryHeader) {
|
|
613
|
-
parameters.set(
|
|
614
|
-
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
615
|
-
lastTelemetryHeader
|
|
616
|
-
);
|
|
617
|
-
}
|
|
633
|
+
parameters.set(
|
|
634
|
+
AADServerParamKeys.X_CLIENT_CURR_TELEM,
|
|
635
|
+
serverTelemetryManager.generateCurrentRequestHeaderValue()
|
|
636
|
+
);
|
|
637
|
+
parameters.set(
|
|
638
|
+
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
639
|
+
serverTelemetryManager.generateLastRequestHeaderValue()
|
|
640
|
+
);
|
|
618
641
|
}
|
|
619
642
|
|
|
620
643
|
/**
|
package/src/request/ScopeSet.ts
CHANGED
|
@@ -26,8 +26,10 @@ import {
|
|
|
26
26
|
export class ScopeSet {
|
|
27
27
|
// Scopes as a Set of strings
|
|
28
28
|
private scopes: Set<string>;
|
|
29
|
+
private correlationId: string;
|
|
29
30
|
|
|
30
|
-
constructor(inputScopes: Array<string
|
|
31
|
+
constructor(inputScopes: Array<string>, correlationId: string) {
|
|
32
|
+
this.correlationId = correlationId;
|
|
31
33
|
// Filter empty string and null/undefined array items
|
|
32
34
|
const scopeArr = inputScopes
|
|
33
35
|
? StringUtils.trimArrayEntries([...inputScopes])
|
|
@@ -39,7 +41,8 @@ export class ScopeSet {
|
|
|
39
41
|
// Check if scopes array has at least one member
|
|
40
42
|
if (!filteredInput || !filteredInput.length) {
|
|
41
43
|
throw createClientConfigurationError(
|
|
42
|
-
ClientConfigurationErrorCodes.emptyInputScopesError
|
|
44
|
+
ClientConfigurationErrorCodes.emptyInputScopesError,
|
|
45
|
+
correlationId
|
|
43
46
|
);
|
|
44
47
|
}
|
|
45
48
|
|
|
@@ -53,10 +56,13 @@ export class ScopeSet {
|
|
|
53
56
|
* @param appClientId
|
|
54
57
|
* @param scopesRequired
|
|
55
58
|
*/
|
|
56
|
-
static fromString(
|
|
59
|
+
static fromString(
|
|
60
|
+
inputScopeString: string,
|
|
61
|
+
correlationId: string
|
|
62
|
+
): ScopeSet {
|
|
57
63
|
const scopeString = inputScopeString || "";
|
|
58
64
|
const inputScopes: Array<string> = scopeString.split(" ");
|
|
59
|
-
return new ScopeSet(inputScopes);
|
|
65
|
+
return new ScopeSet(inputScopes, correlationId);
|
|
60
66
|
}
|
|
61
67
|
|
|
62
68
|
/**
|
|
@@ -64,14 +70,17 @@ export class ScopeSet {
|
|
|
64
70
|
* @param inputScopeString
|
|
65
71
|
* @returns
|
|
66
72
|
*/
|
|
67
|
-
static createSearchScopes(
|
|
73
|
+
static createSearchScopes(
|
|
74
|
+
inputScopeString: Array<string>,
|
|
75
|
+
correlationId: string
|
|
76
|
+
): ScopeSet {
|
|
68
77
|
// Handle empty scopes by using default OIDC scopes for cache lookup
|
|
69
78
|
const scopesToUse =
|
|
70
79
|
inputScopeString && inputScopeString.length > 0
|
|
71
80
|
? inputScopeString
|
|
72
81
|
: [...OIDC_DEFAULT_SCOPES];
|
|
73
82
|
|
|
74
|
-
const scopeSet = new ScopeSet(scopesToUse);
|
|
83
|
+
const scopeSet = new ScopeSet(scopesToUse, correlationId);
|
|
75
84
|
if (!scopeSet.containsOnlyOIDCScopes()) {
|
|
76
85
|
scopeSet.removeOIDCScopes();
|
|
77
86
|
} else {
|
|
@@ -87,7 +96,10 @@ export class ScopeSet {
|
|
|
87
96
|
*/
|
|
88
97
|
containsScope(scope: string): boolean {
|
|
89
98
|
const lowerCaseScopes = this.printScopesLowerCase().split(" ");
|
|
90
|
-
const lowerCaseScopesSet = new ScopeSet(
|
|
99
|
+
const lowerCaseScopesSet = new ScopeSet(
|
|
100
|
+
lowerCaseScopes,
|
|
101
|
+
this.correlationId
|
|
102
|
+
);
|
|
91
103
|
// compare lowercase scopes
|
|
92
104
|
return scope
|
|
93
105
|
? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
|
|
@@ -142,7 +154,8 @@ export class ScopeSet {
|
|
|
142
154
|
newScopes.forEach((newScope) => this.appendScope(newScope));
|
|
143
155
|
} catch (e) {
|
|
144
156
|
throw createClientAuthError(
|
|
145
|
-
ClientAuthErrorCodes.cannotAppendScopeSet
|
|
157
|
+
ClientAuthErrorCodes.cannotAppendScopeSet,
|
|
158
|
+
this.correlationId
|
|
146
159
|
);
|
|
147
160
|
}
|
|
148
161
|
}
|
|
@@ -154,7 +167,8 @@ export class ScopeSet {
|
|
|
154
167
|
removeScope(scope: string): void {
|
|
155
168
|
if (!scope) {
|
|
156
169
|
throw createClientAuthError(
|
|
157
|
-
ClientAuthErrorCodes.cannotRemoveEmptyScope
|
|
170
|
+
ClientAuthErrorCodes.cannotRemoveEmptyScope,
|
|
171
|
+
this.correlationId
|
|
158
172
|
);
|
|
159
173
|
}
|
|
160
174
|
this.scopes.delete(scope.trim());
|
|
@@ -177,7 +191,8 @@ export class ScopeSet {
|
|
|
177
191
|
unionScopeSets(otherScopes: ScopeSet): Set<string> {
|
|
178
192
|
if (!otherScopes) {
|
|
179
193
|
throw createClientAuthError(
|
|
180
|
-
ClientAuthErrorCodes.emptyInputScopeSet
|
|
194
|
+
ClientAuthErrorCodes.emptyInputScopeSet,
|
|
195
|
+
this.correlationId
|
|
181
196
|
);
|
|
182
197
|
}
|
|
183
198
|
const unionScopes = new Set<string>(); // Iterator in constructor not supported in IE11
|
|
@@ -195,7 +210,8 @@ export class ScopeSet {
|
|
|
195
210
|
intersectingScopeSets(otherScopes: ScopeSet): boolean {
|
|
196
211
|
if (!otherScopes) {
|
|
197
212
|
throw createClientAuthError(
|
|
198
|
-
ClientAuthErrorCodes.emptyInputScopeSet
|
|
213
|
+
ClientAuthErrorCodes.emptyInputScopeSet,
|
|
214
|
+
this.correlationId
|
|
199
215
|
);
|
|
200
216
|
}
|
|
201
217
|
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Response body returned by the IMDS compute metadata endpoint
|
|
8
|
+
* (http://169.254.169.254/metadata/instance/compute). Only the `location`
|
|
9
|
+
* field is used for region auto-discovery. `location` is optional because the
|
|
10
|
+
* IMDS response can legitimately omit it or return `null`.
|
|
11
|
+
*/
|
|
12
|
+
export type ImdsComputeResponse = {
|
|
13
|
+
location?: string;
|
|
14
|
+
};
|
|
@@ -8,11 +8,7 @@ import {
|
|
|
8
8
|
buildTenantProfile,
|
|
9
9
|
updateAccountTenantProfileData,
|
|
10
10
|
} from "../account/AccountInfo.js";
|
|
11
|
-
import {
|
|
12
|
-
checkMaxAge,
|
|
13
|
-
extractTokenClaims,
|
|
14
|
-
isKmsi,
|
|
15
|
-
} from "../account/AuthToken.js";
|
|
11
|
+
import { extractTokenClaims, isKmsi } from "../account/AuthToken.js";
|
|
16
12
|
import {
|
|
17
13
|
TokenClaims,
|
|
18
14
|
getTenantIdFromIdTokenClaims,
|
|
@@ -117,7 +113,8 @@ export class ResponseHandler {
|
|
|
117
113
|
? serverResponse.error_codes[0]
|
|
118
114
|
: undefined;
|
|
119
115
|
const serverError = new ServerError(
|
|
120
|
-
serverResponse.error,
|
|
116
|
+
serverResponse.error || "",
|
|
117
|
+
serverResponse.correlation_id || "",
|
|
121
118
|
errString,
|
|
122
119
|
serverResponse.suberror,
|
|
123
120
|
serverErrorNo,
|
|
@@ -164,12 +161,12 @@ export class ResponseHandler {
|
|
|
164
161
|
)
|
|
165
162
|
) {
|
|
166
163
|
throw new InteractionRequiredAuthError(
|
|
167
|
-
serverResponse.error,
|
|
164
|
+
serverResponse.error || "",
|
|
165
|
+
serverResponse.correlation_id || "",
|
|
168
166
|
serverResponse.error_description,
|
|
169
167
|
serverResponse.suberror,
|
|
170
168
|
serverResponse.timestamp || "",
|
|
171
169
|
serverResponse.trace_id || "",
|
|
172
|
-
serverResponse.correlation_id || "",
|
|
173
170
|
serverResponse.claims || "",
|
|
174
171
|
serverErrorNo
|
|
175
172
|
);
|
|
@@ -194,35 +191,26 @@ export class ResponseHandler {
|
|
|
194
191
|
userAssertionHash?: string,
|
|
195
192
|
handlingRefreshTokenResponse?: boolean,
|
|
196
193
|
forceCacheRefreshTokenResponse?: boolean,
|
|
197
|
-
serverRequestId?: string
|
|
194
|
+
serverRequestId?: string,
|
|
195
|
+
additionalCacheKeyComponents?: Record<string, string>
|
|
198
196
|
): Promise<AuthenticationResult> {
|
|
199
197
|
// create an idToken object (not entity)
|
|
200
198
|
let idTokenClaims: TokenClaims | undefined;
|
|
201
199
|
if (serverTokenResponse.id_token) {
|
|
202
200
|
idTokenClaims = extractTokenClaims(
|
|
203
201
|
serverTokenResponse.id_token || "",
|
|
204
|
-
this.cryptoObj.base64Decode
|
|
202
|
+
this.cryptoObj.base64Decode,
|
|
203
|
+
request.correlationId
|
|
205
204
|
);
|
|
206
205
|
|
|
207
206
|
// token nonce check (TODO: Add a warning if no nonce is given?)
|
|
208
207
|
if (authCodePayload && authCodePayload.nonce) {
|
|
209
208
|
if (idTokenClaims.nonce !== authCodePayload.nonce) {
|
|
210
209
|
throw createClientAuthError(
|
|
211
|
-
ClientAuthErrorCodes.nonceMismatch
|
|
212
|
-
|
|
213
|
-
}
|
|
214
|
-
}
|
|
215
|
-
|
|
216
|
-
// token max_age check
|
|
217
|
-
if (request.maxAge || request.maxAge === 0) {
|
|
218
|
-
const authTime = idTokenClaims.auth_time;
|
|
219
|
-
if (!authTime) {
|
|
220
|
-
throw createClientAuthError(
|
|
221
|
-
ClientAuthErrorCodes.authTimeNotFound
|
|
210
|
+
ClientAuthErrorCodes.nonceMismatch,
|
|
211
|
+
request.correlationId
|
|
222
212
|
);
|
|
223
213
|
}
|
|
224
|
-
|
|
225
|
-
checkMaxAge(authTime, request.maxAge);
|
|
226
214
|
}
|
|
227
215
|
}
|
|
228
216
|
|
|
@@ -241,7 +229,8 @@ export class ResponseHandler {
|
|
|
241
229
|
if (!!authCodePayload && !!authCodePayload.state) {
|
|
242
230
|
requestStateObj = ProtocolUtils.parseRequestState(
|
|
243
231
|
this.cryptoObj.base64Decode,
|
|
244
|
-
authCodePayload.state
|
|
232
|
+
authCodePayload.state,
|
|
233
|
+
request.correlationId
|
|
245
234
|
);
|
|
246
235
|
}
|
|
247
236
|
|
|
@@ -256,7 +245,8 @@ export class ResponseHandler {
|
|
|
256
245
|
request,
|
|
257
246
|
idTokenClaims,
|
|
258
247
|
userAssertionHash,
|
|
259
|
-
authCodePayload
|
|
248
|
+
authCodePayload,
|
|
249
|
+
additionalCacheKeyComponents
|
|
260
250
|
);
|
|
261
251
|
let cacheContext;
|
|
262
252
|
try {
|
|
@@ -363,12 +353,14 @@ export class ResponseHandler {
|
|
|
363
353
|
request: BaseAuthRequest,
|
|
364
354
|
idTokenClaims?: TokenClaims,
|
|
365
355
|
userAssertionHash?: string,
|
|
366
|
-
authCodePayload?: AuthorizationCodePayload
|
|
356
|
+
authCodePayload?: AuthorizationCodePayload,
|
|
357
|
+
additionalCacheKeyComponents?: Record<string, string>
|
|
367
358
|
): CacheRecord {
|
|
368
359
|
const env = authority.getPreferredCache();
|
|
369
360
|
if (!env) {
|
|
370
361
|
throw createClientAuthError(
|
|
371
|
-
ClientAuthErrorCodes.invalidCacheEnvironment
|
|
362
|
+
ClientAuthErrorCodes.invalidCacheEnvironment,
|
|
363
|
+
request.correlationId
|
|
372
364
|
);
|
|
373
365
|
}
|
|
374
366
|
|
|
@@ -408,8 +400,11 @@ export class ResponseHandler {
|
|
|
408
400
|
if (serverTokenResponse.access_token) {
|
|
409
401
|
// If scopes not returned in server response, use request scopes
|
|
410
402
|
const responseScopes = serverTokenResponse.scope
|
|
411
|
-
? ScopeSet.fromString(
|
|
412
|
-
|
|
403
|
+
? ScopeSet.fromString(
|
|
404
|
+
serverTokenResponse.scope,
|
|
405
|
+
request.correlationId
|
|
406
|
+
)
|
|
407
|
+
: new ScopeSet(request.scopes || [], request.correlationId);
|
|
413
408
|
|
|
414
409
|
/*
|
|
415
410
|
* Use timestamp calculated before request
|
|
@@ -446,10 +441,12 @@ export class ResponseHandler {
|
|
|
446
441
|
tokenExpirationSeconds,
|
|
447
442
|
extendedTokenExpirationSeconds,
|
|
448
443
|
this.cryptoObj.base64Decode,
|
|
444
|
+
request.correlationId,
|
|
449
445
|
refreshOnSeconds,
|
|
450
446
|
serverTokenResponse.token_type,
|
|
451
447
|
userAssertionHash,
|
|
452
|
-
serverTokenResponse.key_id
|
|
448
|
+
serverTokenResponse.key_id,
|
|
449
|
+
additionalCacheKeyComponents
|
|
453
450
|
);
|
|
454
451
|
// Set resource (to be used for MCP scenarios)
|
|
455
452
|
const resource = request.resource || null;
|
|
@@ -553,7 +550,8 @@ export class ResponseHandler {
|
|
|
553
550
|
|
|
554
551
|
if (!keyId) {
|
|
555
552
|
throw createClientAuthError(
|
|
556
|
-
ClientAuthErrorCodes.keyIdMissing
|
|
553
|
+
ClientAuthErrorCodes.keyIdMissing,
|
|
554
|
+
request.correlationId
|
|
557
555
|
);
|
|
558
556
|
}
|
|
559
557
|
|
|
@@ -566,7 +564,8 @@ export class ResponseHandler {
|
|
|
566
564
|
accessToken = cacheRecord.accessToken.secret;
|
|
567
565
|
}
|
|
568
566
|
responseScopes = ScopeSet.fromString(
|
|
569
|
-
cacheRecord.accessToken.target
|
|
567
|
+
cacheRecord.accessToken.target,
|
|
568
|
+
request.correlationId
|
|
570
569
|
).asArray();
|
|
571
570
|
// Access token expiresOn cached in seconds, converting to Date for AuthenticationResult
|
|
572
571
|
expiresOn = TimeUtils.toDateFromSeconds(
|
|
@@ -593,8 +592,20 @@ export class ResponseHandler {
|
|
|
593
592
|
|
|
594
593
|
// for hybrid + native bridge enablement, send back the native account Id
|
|
595
594
|
if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) {
|
|
595
|
+
// Set on deprecated top-level for downgrade compat
|
|
596
596
|
cacheRecord.account.nativeAccountId =
|
|
597
597
|
serverTokenResponse?.spa_accountid;
|
|
598
|
+
// Set on the matching tenant profile (source of truth)
|
|
599
|
+
const targetTenantId = tid || cacheRecord.account.realm;
|
|
600
|
+
if (cacheRecord.account.tenantProfiles) {
|
|
601
|
+
const matchingProfile = cacheRecord.account.tenantProfiles.find(
|
|
602
|
+
(tp) => tp.tenantId === targetTenantId
|
|
603
|
+
);
|
|
604
|
+
if (matchingProfile) {
|
|
605
|
+
matchingProfile.nativeAccountId =
|
|
606
|
+
serverTokenResponse.spa_accountid;
|
|
607
|
+
}
|
|
608
|
+
}
|
|
598
609
|
}
|
|
599
610
|
|
|
600
611
|
const accountInfo: AccountInfo | null = cacheRecord.account
|
|
@@ -692,6 +703,7 @@ export function buildAccountToCache(
|
|
|
692
703
|
nativeAccountId: nativeAccountId,
|
|
693
704
|
},
|
|
694
705
|
authority,
|
|
706
|
+
correlationId,
|
|
695
707
|
base64Decode
|
|
696
708
|
);
|
|
697
709
|
|
|
@@ -707,6 +719,7 @@ export function buildAccountToCache(
|
|
|
707
719
|
homeAccountId,
|
|
708
720
|
baseAccount.localAccountId,
|
|
709
721
|
tenantId,
|
|
722
|
+
nativeAccountId,
|
|
710
723
|
idTokenClaims
|
|
711
724
|
);
|
|
712
725
|
tenantProfiles.push(newTenantProfile);
|
package/src/url/UrlString.ts
CHANGED
|
@@ -17,16 +17,19 @@ import * as Constants from "../utils/Constants.js";
|
|
|
17
17
|
export class UrlString {
|
|
18
18
|
// internal url string field
|
|
19
19
|
private _urlString: string;
|
|
20
|
+
private correlationId: string;
|
|
20
21
|
public get urlString(): string {
|
|
21
22
|
return this._urlString;
|
|
22
23
|
}
|
|
23
24
|
|
|
24
|
-
constructor(url: string) {
|
|
25
|
+
constructor(url: string, correlationId: string) {
|
|
25
26
|
this._urlString = url;
|
|
27
|
+
this.correlationId = correlationId;
|
|
26
28
|
if (!this._urlString) {
|
|
27
29
|
// Throws error if url is empty
|
|
28
30
|
throw createClientConfigurationError(
|
|
29
|
-
ClientConfigurationErrorCodes.urlEmptyError
|
|
31
|
+
ClientConfigurationErrorCodes.urlEmptyError,
|
|
32
|
+
correlationId
|
|
30
33
|
);
|
|
31
34
|
}
|
|
32
35
|
|
|
@@ -69,14 +72,16 @@ export class UrlString {
|
|
|
69
72
|
components = this.getUrlComponents();
|
|
70
73
|
} catch (e) {
|
|
71
74
|
throw createClientConfigurationError(
|
|
72
|
-
ClientConfigurationErrorCodes.urlParseError
|
|
75
|
+
ClientConfigurationErrorCodes.urlParseError,
|
|
76
|
+
this.correlationId
|
|
73
77
|
);
|
|
74
78
|
}
|
|
75
79
|
|
|
76
80
|
// Throw error if URI or path segments are not parseable.
|
|
77
81
|
if (!components.HostNameAndPort || !components.PathSegments) {
|
|
78
82
|
throw createClientConfigurationError(
|
|
79
|
-
ClientConfigurationErrorCodes.urlParseError
|
|
83
|
+
ClientConfigurationErrorCodes.urlParseError,
|
|
84
|
+
this.correlationId
|
|
80
85
|
);
|
|
81
86
|
}
|
|
82
87
|
|
|
@@ -86,7 +91,8 @@ export class UrlString {
|
|
|
86
91
|
components.Protocol.toLowerCase() !== "https:"
|
|
87
92
|
) {
|
|
88
93
|
throw createClientConfigurationError(
|
|
89
|
-
ClientConfigurationErrorCodes.authorityUriInsecure
|
|
94
|
+
ClientConfigurationErrorCodes.authorityUriInsecure,
|
|
95
|
+
this.correlationId
|
|
90
96
|
);
|
|
91
97
|
}
|
|
92
98
|
}
|
|
@@ -130,7 +136,10 @@ export class UrlString {
|
|
|
130
136
|
) {
|
|
131
137
|
pathArray[0] = tenantId;
|
|
132
138
|
}
|
|
133
|
-
return UrlString.constructAuthorityUriFromObject(
|
|
139
|
+
return UrlString.constructAuthorityUriFromObject(
|
|
140
|
+
urlObject,
|
|
141
|
+
this.correlationId
|
|
142
|
+
);
|
|
134
143
|
}
|
|
135
144
|
|
|
136
145
|
/**
|
|
@@ -147,7 +156,8 @@ export class UrlString {
|
|
|
147
156
|
const match = this.urlString.match(regEx);
|
|
148
157
|
if (!match) {
|
|
149
158
|
throw createClientConfigurationError(
|
|
150
|
-
ClientConfigurationErrorCodes.urlParseError
|
|
159
|
+
ClientConfigurationErrorCodes.urlParseError,
|
|
160
|
+
this.correlationId
|
|
151
161
|
);
|
|
152
162
|
}
|
|
153
163
|
|
|
@@ -175,23 +185,28 @@ export class UrlString {
|
|
|
175
185
|
return urlComponents;
|
|
176
186
|
}
|
|
177
187
|
|
|
178
|
-
static getDomainFromUrl(url: string): string {
|
|
188
|
+
static getDomainFromUrl(url: string, correlationId: string): string {
|
|
179
189
|
const regEx = RegExp("^([^:/?#]+://)?([^/?#]*)");
|
|
180
190
|
|
|
181
191
|
const match = url.match(regEx);
|
|
182
192
|
|
|
183
193
|
if (!match) {
|
|
184
194
|
throw createClientConfigurationError(
|
|
185
|
-
ClientConfigurationErrorCodes.urlParseError
|
|
195
|
+
ClientConfigurationErrorCodes.urlParseError,
|
|
196
|
+
correlationId
|
|
186
197
|
);
|
|
187
198
|
}
|
|
188
199
|
|
|
189
200
|
return match[2];
|
|
190
201
|
}
|
|
191
202
|
|
|
192
|
-
static getAbsoluteUrl(
|
|
203
|
+
static getAbsoluteUrl(
|
|
204
|
+
relativeUrl: string,
|
|
205
|
+
baseUrl: string,
|
|
206
|
+
correlationId: string
|
|
207
|
+
): string {
|
|
193
208
|
if (relativeUrl[0] === Constants.FORWARD_SLASH) {
|
|
194
|
-
const url = new UrlString(baseUrl);
|
|
209
|
+
const url = new UrlString(baseUrl, correlationId);
|
|
195
210
|
const baseComponents = url.getUrlComponents();
|
|
196
211
|
|
|
197
212
|
return (
|
|
@@ -205,13 +220,17 @@ export class UrlString {
|
|
|
205
220
|
return relativeUrl;
|
|
206
221
|
}
|
|
207
222
|
|
|
208
|
-
static constructAuthorityUriFromObject(
|
|
223
|
+
static constructAuthorityUriFromObject(
|
|
224
|
+
urlObject: IUri,
|
|
225
|
+
correlationId: string
|
|
226
|
+
): UrlString {
|
|
209
227
|
return new UrlString(
|
|
210
228
|
urlObject.Protocol +
|
|
211
229
|
"//" +
|
|
212
230
|
urlObject.HostNameAndPort +
|
|
213
231
|
"/" +
|
|
214
|
-
urlObject.PathSegments.join("/")
|
|
232
|
+
urlObject.PathSegments.join("/"),
|
|
233
|
+
correlationId
|
|
215
234
|
);
|
|
216
235
|
}
|
|
217
236
|
}
|
|
@@ -11,7 +11,8 @@ import {
|
|
|
11
11
|
export async function getClientAssertion(
|
|
12
12
|
clientAssertion: string | ClientAssertionCallback,
|
|
13
13
|
clientId: string,
|
|
14
|
-
tokenEndpoint?: string
|
|
14
|
+
tokenEndpoint?: string,
|
|
15
|
+
fmiPath?: string
|
|
15
16
|
): Promise<string> {
|
|
16
17
|
if (typeof clientAssertion === "string") {
|
|
17
18
|
return clientAssertion;
|
|
@@ -19,6 +20,7 @@ export async function getClientAssertion(
|
|
|
19
20
|
const config: ClientAssertionConfig = {
|
|
20
21
|
clientId: clientId,
|
|
21
22
|
tokenEndpoint: tokenEndpoint,
|
|
23
|
+
fmiPath: fmiPath,
|
|
22
24
|
};
|
|
23
25
|
return clientAssertion(config);
|
|
24
26
|
}
|
package/src/utils/Constants.ts
CHANGED
|
@@ -33,9 +33,8 @@ export const AUTHORIZATION_PENDING = "authorization_pending";
|
|
|
33
33
|
export const NOT_APPLICABLE = "N/A";
|
|
34
34
|
export const NOT_AVAILABLE = "Not Available";
|
|
35
35
|
export const FORWARD_SLASH = "/";
|
|
36
|
-
export const IMDS_ENDPOINT =
|
|
37
|
-
|
|
38
|
-
export const IMDS_VERSION = "2020-06-01";
|
|
36
|
+
export const IMDS_ENDPOINT = "http://169.254.169.254/metadata/instance/compute";
|
|
37
|
+
export const IMDS_VERSION = "2021-02-01";
|
|
39
38
|
export const IMDS_TIMEOUT = 2000;
|
|
40
39
|
export const AZURE_REGION_AUTO_DISCOVER_FLAG = "TryAutoDetect";
|
|
41
40
|
export const REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = "login.microsoft.com";
|
|
@@ -122,6 +121,9 @@ export type AADAuthority = (typeof AADAuthority)[keyof typeof AADAuthority];
|
|
|
122
121
|
export const ClaimsRequestKeys = {
|
|
123
122
|
ACCESS_TOKEN: "access_token",
|
|
124
123
|
XMS_CC: "xms_cc",
|
|
124
|
+
ID_TOKEN: "id_token",
|
|
125
|
+
SIGNIN_STATE: "signin_state",
|
|
126
|
+
LOGIN_HINT: "login_hint",
|
|
125
127
|
} as const;
|
|
126
128
|
export type ClaimsRequestKeys =
|
|
127
129
|
(typeof ClaimsRequestKeys)[keyof typeof ClaimsRequestKeys];
|
|
@@ -180,6 +182,7 @@ export const GrantType = {
|
|
|
180
182
|
REFRESH_TOKEN_GRANT: "refresh_token",
|
|
181
183
|
DEVICE_CODE_GRANT: "device_code",
|
|
182
184
|
JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer",
|
|
185
|
+
USER_FIC: "user_fic",
|
|
183
186
|
} as const;
|
|
184
187
|
export type GrantType = (typeof GrantType)[keyof typeof GrantType];
|
|
185
188
|
|