@azure/msal-common 16.9.0 → 16.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (383) hide show
  1. package/dist/account/AccountInfo.mjs +9 -3
  2. package/dist/account/AccountInfo.mjs.map +1 -1
  3. package/dist/account/AuthToken.mjs +9 -23
  4. package/dist/account/AuthToken.mjs.map +1 -1
  5. package/dist/account/CcsCredential.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs.map +1 -1
  7. package/dist/account/ClientInfo.mjs +4 -4
  8. package/dist/account/ClientInfo.mjs.map +1 -1
  9. package/dist/account/TokenClaims.mjs +1 -1
  10. package/dist/account/TokenClaims.mjs.map +1 -1
  11. package/dist/authority/Authority.mjs +36 -37
  12. package/dist/authority/Authority.mjs.map +1 -1
  13. package/dist/authority/AuthorityFactory.mjs +3 -3
  14. package/dist/authority/AuthorityFactory.mjs.map +1 -1
  15. package/dist/authority/AuthorityMetadata.mjs +2 -2
  16. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  17. package/dist/authority/AuthorityOptions.mjs +1 -1
  18. package/dist/authority/AuthorityOptions.mjs.map +1 -1
  19. package/dist/authority/AuthorityType.mjs +1 -1
  20. package/dist/authority/AuthorityType.mjs.map +1 -1
  21. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  22. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  23. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  24. package/dist/authority/ProtocolMode.mjs +1 -1
  25. package/dist/authority/ProtocolMode.mjs.map +1 -1
  26. package/dist/authority/RegionDiscovery.mjs +16 -10
  27. package/dist/authority/RegionDiscovery.mjs.map +1 -1
  28. package/dist/cache/CacheManager.mjs +62 -46
  29. package/dist/cache/CacheManager.mjs.map +1 -1
  30. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  31. package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
  32. package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
  33. package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
  34. package/dist/cache/utils/CacheHelpers.mjs +10 -5
  35. package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
  36. package/dist/client/AuthorizationCodeClient.mjs +7 -7
  37. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  38. package/dist/client/RefreshTokenClient.mjs +8 -8
  39. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  40. package/dist/client/SilentFlowClient.mjs +10 -18
  41. package/dist/client/SilentFlowClient.mjs.map +1 -1
  42. package/dist/config/ClientConfiguration.mjs +3 -3
  43. package/dist/config/ClientConfiguration.mjs.map +1 -1
  44. package/dist/constants/AADServerParamKeys.mjs +7 -3
  45. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  46. package/dist/crypto/ICrypto.mjs +11 -11
  47. package/dist/crypto/ICrypto.mjs.map +1 -1
  48. package/dist/crypto/JoseHeader.mjs +3 -3
  49. package/dist/crypto/JoseHeader.mjs.map +1 -1
  50. package/dist/crypto/PopTokenGenerator.mjs +2 -2
  51. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  52. package/dist/error/AuthError.mjs +5 -7
  53. package/dist/error/AuthError.mjs.map +1 -1
  54. package/dist/error/AuthErrorCodes.mjs +1 -1
  55. package/dist/error/CacheError.mjs +1 -1
  56. package/dist/error/CacheError.mjs.map +1 -1
  57. package/dist/error/CacheErrorCodes.mjs +1 -1
  58. package/dist/error/ClientAuthError.mjs +5 -5
  59. package/dist/error/ClientAuthError.mjs.map +1 -1
  60. package/dist/error/ClientAuthErrorCodes.mjs +2 -4
  61. package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  62. package/dist/error/ClientConfigurationError.mjs +5 -5
  63. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  64. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  65. package/dist/error/InteractionRequiredAuthError.mjs +5 -6
  66. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  67. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  68. package/dist/error/JoseHeaderError.mjs +5 -5
  69. package/dist/error/JoseHeaderError.mjs.map +1 -1
  70. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  71. package/dist/error/NetworkError.mjs +2 -2
  72. package/dist/error/NetworkError.mjs.map +1 -1
  73. package/dist/error/PlatformBrokerError.mjs +3 -3
  74. package/dist/error/PlatformBrokerError.mjs.map +1 -1
  75. package/dist/error/ServerError.mjs +3 -3
  76. package/dist/error/ServerError.mjs.map +1 -1
  77. package/dist/index-node.mjs +53 -53
  78. package/dist/index.mjs +59 -59
  79. package/dist/logger/Logger.mjs +1 -1
  80. package/dist/logger/Logger.mjs.map +1 -1
  81. package/dist/network/INetworkModule.mjs +4 -3
  82. package/dist/network/INetworkModule.mjs.map +1 -1
  83. package/dist/network/RequestThumbprint.mjs +1 -1
  84. package/dist/network/ThrottlingUtils.mjs +2 -2
  85. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  86. package/dist/packageMetadata.mjs +2 -2
  87. package/dist/protocol/Authorize.mjs +16 -14
  88. package/dist/protocol/Authorize.mjs.map +1 -1
  89. package/dist/protocol/Token.mjs +2 -2
  90. package/dist/protocol/Token.mjs.map +1 -1
  91. package/dist/request/AuthenticationHeaderParser.mjs +4 -4
  92. package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
  93. package/dist/request/BaseAuthRequest.mjs +3 -3
  94. package/dist/request/BaseAuthRequest.mjs.map +1 -1
  95. package/dist/request/RequestParameterBuilder.mjs +51 -33
  96. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  97. package/dist/request/ScopeSet.mjs +13 -12
  98. package/dist/request/ScopeSet.mjs.map +1 -1
  99. package/dist/response/ResponseHandler.mjs +29 -27
  100. package/dist/response/ResponseHandler.mjs.map +1 -1
  101. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  102. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  103. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  104. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  105. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  106. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  107. package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  108. package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
  109. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  110. package/dist/url/UrlString.mjs +15 -14
  111. package/dist/url/UrlString.mjs.map +1 -1
  112. package/dist/utils/ClientAssertionUtils.mjs +3 -2
  113. package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
  114. package/dist/utils/Constants.mjs +7 -3
  115. package/dist/utils/Constants.mjs.map +1 -1
  116. package/dist/utils/FunctionWrappers.mjs +1 -1
  117. package/dist/utils/FunctionWrappers.mjs.map +1 -1
  118. package/dist/utils/ProtocolUtils.mjs +12 -9
  119. package/dist/utils/ProtocolUtils.mjs.map +1 -1
  120. package/dist/utils/StringUtils.mjs +1 -1
  121. package/dist/utils/StringUtils.mjs.map +1 -1
  122. package/dist/utils/TimeUtils.mjs +1 -1
  123. package/dist/utils/TimeUtils.mjs.map +1 -1
  124. package/dist/utils/UrlUtils.mjs +4 -4
  125. package/dist/utils/UrlUtils.mjs.map +1 -1
  126. package/dist-browser/account/AccountInfo.mjs +9 -3
  127. package/dist-browser/account/AccountInfo.mjs.map +1 -1
  128. package/dist-browser/account/AuthToken.mjs +9 -23
  129. package/dist-browser/account/AuthToken.mjs.map +1 -1
  130. package/dist-browser/account/CcsCredential.mjs +1 -1
  131. package/dist-browser/account/CcsCredential.mjs.map +1 -1
  132. package/dist-browser/account/ClientInfo.mjs +4 -4
  133. package/dist-browser/account/ClientInfo.mjs.map +1 -1
  134. package/dist-browser/account/TokenClaims.mjs +1 -1
  135. package/dist-browser/account/TokenClaims.mjs.map +1 -1
  136. package/dist-browser/authority/Authority.mjs +36 -37
  137. package/dist-browser/authority/Authority.mjs.map +1 -1
  138. package/dist-browser/authority/AuthorityFactory.mjs +3 -3
  139. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
  140. package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
  141. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
  142. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  143. package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
  144. package/dist-browser/authority/AuthorityType.mjs +1 -1
  145. package/dist-browser/authority/AuthorityType.mjs.map +1 -1
  146. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  147. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  148. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  149. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  150. package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
  151. package/dist-browser/authority/RegionDiscovery.mjs +16 -10
  152. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
  153. package/dist-browser/cache/CacheManager.mjs +62 -46
  154. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  155. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  156. package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
  157. package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
  158. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
  159. package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
  160. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
  161. package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
  162. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
  163. package/dist-browser/client/RefreshTokenClient.mjs +8 -8
  164. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
  165. package/dist-browser/client/SilentFlowClient.mjs +10 -18
  166. package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
  167. package/dist-browser/config/ClientConfiguration.mjs +3 -3
  168. package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
  169. package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
  170. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
  171. package/dist-browser/crypto/ICrypto.mjs +11 -11
  172. package/dist-browser/crypto/ICrypto.mjs.map +1 -1
  173. package/dist-browser/crypto/JoseHeader.mjs +3 -3
  174. package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
  175. package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
  176. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
  177. package/dist-browser/error/AuthError.mjs +5 -7
  178. package/dist-browser/error/AuthError.mjs.map +1 -1
  179. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  180. package/dist-browser/error/CacheError.mjs +1 -1
  181. package/dist-browser/error/CacheError.mjs.map +1 -1
  182. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  183. package/dist-browser/error/ClientAuthError.mjs +5 -5
  184. package/dist-browser/error/ClientAuthError.mjs.map +1 -1
  185. package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
  186. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
  187. package/dist-browser/error/ClientConfigurationError.mjs +5 -5
  188. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
  189. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  190. package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
  191. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
  192. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  193. package/dist-browser/error/JoseHeaderError.mjs +5 -5
  194. package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
  195. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  196. package/dist-browser/error/NetworkError.mjs +2 -2
  197. package/dist-browser/error/NetworkError.mjs.map +1 -1
  198. package/dist-browser/error/PlatformBrokerError.mjs +3 -3
  199. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
  200. package/dist-browser/error/ServerError.mjs +3 -3
  201. package/dist-browser/error/ServerError.mjs.map +1 -1
  202. package/dist-browser/index-browser.mjs +55 -55
  203. package/dist-browser/index.mjs +59 -59
  204. package/dist-browser/log-strings-mapping.json +2 -2
  205. package/dist-browser/logger/Logger.mjs +1 -1
  206. package/dist-browser/logger/Logger.mjs.map +1 -1
  207. package/dist-browser/network/INetworkModule.mjs +4 -3
  208. package/dist-browser/network/INetworkModule.mjs.map +1 -1
  209. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  210. package/dist-browser/network/ThrottlingUtils.mjs +2 -2
  211. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
  212. package/dist-browser/packageMetadata.mjs +2 -2
  213. package/dist-browser/protocol/Authorize.mjs +16 -14
  214. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  215. package/dist-browser/protocol/Token.mjs +2 -2
  216. package/dist-browser/protocol/Token.mjs.map +1 -1
  217. package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
  218. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
  219. package/dist-browser/request/BaseAuthRequest.mjs +3 -3
  220. package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
  221. package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
  222. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  223. package/dist-browser/request/ScopeSet.mjs +13 -12
  224. package/dist-browser/request/ScopeSet.mjs.map +1 -1
  225. package/dist-browser/response/ResponseHandler.mjs +29 -27
  226. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  227. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  228. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
  229. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  230. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  231. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  232. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  233. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  234. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
  235. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  236. package/dist-browser/url/UrlString.mjs +15 -14
  237. package/dist-browser/url/UrlString.mjs.map +1 -1
  238. package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
  239. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
  240. package/dist-browser/utils/Constants.mjs +7 -3
  241. package/dist-browser/utils/Constants.mjs.map +1 -1
  242. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  243. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
  244. package/dist-browser/utils/ProtocolUtils.mjs +12 -9
  245. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
  246. package/dist-browser/utils/StringUtils.mjs +1 -1
  247. package/dist-browser/utils/StringUtils.mjs.map +1 -1
  248. package/dist-browser/utils/TimeUtils.mjs +1 -1
  249. package/dist-browser/utils/TimeUtils.mjs.map +1 -1
  250. package/dist-browser/utils/UrlUtils.mjs +4 -4
  251. package/dist-browser/utils/UrlUtils.mjs.map +1 -1
  252. package/lib/index-browser.cjs +8 -8
  253. package/lib/index-browser.cjs.map +1 -1
  254. package/lib/{index-node-CcOYLhxB.js → index-node-BSFEsmmC.js} +364 -312
  255. package/lib/index-node-BSFEsmmC.js.map +1 -0
  256. package/lib/index-node.cjs +2 -2
  257. package/lib/index.cjs +2 -2
  258. package/package.json +1 -1
  259. package/src/account/AccountInfo.ts +19 -1
  260. package/src/account/AuthToken.ts +19 -21
  261. package/src/account/ClientCredentials.ts +1 -0
  262. package/src/account/ClientInfo.ts +8 -3
  263. package/src/authority/Authority.ts +72 -37
  264. package/src/authority/AuthorityFactory.ts +4 -2
  265. package/src/authority/AuthorityMetadata.ts +2 -1
  266. package/src/authority/RegionDiscovery.ts +18 -11
  267. package/src/cache/CacheManager.ts +160 -57
  268. package/src/cache/entities/AccountEntity.ts +4 -0
  269. package/src/cache/entities/CredentialEntity.ts +2 -0
  270. package/src/cache/utils/AccountEntityUtils.ts +23 -3
  271. package/src/cache/utils/CacheHelpers.ts +15 -3
  272. package/src/cache/utils/CacheTypes.ts +2 -0
  273. package/src/client/AuthorizationCodeClient.ts +10 -4
  274. package/src/client/RefreshTokenClient.ts +12 -5
  275. package/src/client/SilentFlowClient.ts +17 -20
  276. package/src/config/ClientConfiguration.ts +8 -2
  277. package/src/constants/AADServerParamKeys.ts +5 -0
  278. package/src/crypto/ICrypto.ts +40 -10
  279. package/src/crypto/JoseHeader.ts +8 -2
  280. package/src/crypto/PopTokenGenerator.ts +1 -1
  281. package/src/error/AuthError.ts +9 -5
  282. package/src/error/ClientAuthError.ts +8 -3
  283. package/src/error/ClientAuthErrorCodes.ts +0 -2
  284. package/src/error/ClientConfigurationError.ts +5 -4
  285. package/src/error/InteractionRequiredAuthError.ts +9 -5
  286. package/src/error/JoseHeaderError.ts +11 -4
  287. package/src/error/NetworkError.ts +6 -1
  288. package/src/error/PlatformBrokerError.ts +2 -1
  289. package/src/error/ServerError.ts +3 -2
  290. package/src/network/INetworkModule.ts +3 -2
  291. package/src/network/ThrottlingUtils.ts +1 -0
  292. package/src/packageMetadata.ts +1 -1
  293. package/src/protocol/Authorize.ts +21 -6
  294. package/src/protocol/Token.ts +4 -1
  295. package/src/request/AuthenticationHeaderParser.ts +6 -3
  296. package/src/request/BaseAuthRequest.ts +8 -2
  297. package/src/request/RequestParameterBuilder.ts +66 -43
  298. package/src/request/ScopeSet.ts +27 -11
  299. package/src/response/ImdsComputeResponse.ts +14 -0
  300. package/src/response/ResponseHandler.ts +45 -32
  301. package/src/url/UrlString.ts +32 -13
  302. package/src/utils/ClientAssertionUtils.ts +3 -1
  303. package/src/utils/Constants.ts +6 -3
  304. package/src/utils/ProtocolUtils.ts +26 -8
  305. package/src/utils/UrlUtils.ts +8 -3
  306. package/types/account/AccountInfo.d.ts +8 -2
  307. package/types/account/AccountInfo.d.ts.map +1 -1
  308. package/types/account/AuthToken.d.ts +2 -6
  309. package/types/account/AuthToken.d.ts.map +1 -1
  310. package/types/account/ClientCredentials.d.ts +1 -0
  311. package/types/account/ClientCredentials.d.ts.map +1 -1
  312. package/types/account/ClientInfo.d.ts.map +1 -1
  313. package/types/authority/Authority.d.ts +4 -4
  314. package/types/authority/Authority.d.ts.map +1 -1
  315. package/types/authority/AuthorityFactory.d.ts.map +1 -1
  316. package/types/authority/AuthorityMetadata.d.ts.map +1 -1
  317. package/types/authority/RegionDiscovery.d.ts +3 -2
  318. package/types/authority/RegionDiscovery.d.ts.map +1 -1
  319. package/types/cache/CacheManager.d.ts +0 -7
  320. package/types/cache/CacheManager.d.ts.map +1 -1
  321. package/types/cache/entities/AccountEntity.d.ts +4 -0
  322. package/types/cache/entities/AccountEntity.d.ts.map +1 -1
  323. package/types/cache/entities/CredentialEntity.d.ts +2 -0
  324. package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  325. package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
  326. package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
  327. package/types/cache/utils/CacheHelpers.d.ts +1 -1
  328. package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
  329. package/types/cache/utils/CacheTypes.d.ts +2 -1
  330. package/types/cache/utils/CacheTypes.d.ts.map +1 -1
  331. package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  332. package/types/client/RefreshTokenClient.d.ts.map +1 -1
  333. package/types/client/SilentFlowClient.d.ts.map +1 -1
  334. package/types/config/ClientConfiguration.d.ts.map +1 -1
  335. package/types/constants/AADServerParamKeys.d.ts +4 -0
  336. package/types/constants/AADServerParamKeys.d.ts.map +1 -1
  337. package/types/crypto/ICrypto.d.ts.map +1 -1
  338. package/types/crypto/JoseHeader.d.ts.map +1 -1
  339. package/types/error/AuthError.d.ts +2 -3
  340. package/types/error/AuthError.d.ts.map +1 -1
  341. package/types/error/ClientAuthError.d.ts +2 -2
  342. package/types/error/ClientAuthError.d.ts.map +1 -1
  343. package/types/error/ClientAuthErrorCodes.d.ts +0 -2
  344. package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
  345. package/types/error/ClientConfigurationError.d.ts +2 -2
  346. package/types/error/ClientConfigurationError.d.ts.map +1 -1
  347. package/types/error/InteractionRequiredAuthError.d.ts +2 -2
  348. package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
  349. package/types/error/JoseHeaderError.d.ts +2 -2
  350. package/types/error/JoseHeaderError.d.ts.map +1 -1
  351. package/types/error/NetworkError.d.ts.map +1 -1
  352. package/types/error/PlatformBrokerError.d.ts +1 -1
  353. package/types/error/PlatformBrokerError.d.ts.map +1 -1
  354. package/types/error/ServerError.d.ts +1 -1
  355. package/types/error/ServerError.d.ts.map +1 -1
  356. package/types/network/INetworkModule.d.ts.map +1 -1
  357. package/types/network/ThrottlingUtils.d.ts.map +1 -1
  358. package/types/packageMetadata.d.ts +1 -1
  359. package/types/packageMetadata.d.ts.map +1 -1
  360. package/types/protocol/Authorize.d.ts +4 -2
  361. package/types/protocol/Authorize.d.ts.map +1 -1
  362. package/types/protocol/Token.d.ts.map +1 -1
  363. package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
  364. package/types/request/BaseAuthRequest.d.ts +4 -0
  365. package/types/request/BaseAuthRequest.d.ts.map +1 -1
  366. package/types/request/RequestParameterBuilder.d.ts +12 -3
  367. package/types/request/RequestParameterBuilder.d.ts.map +1 -1
  368. package/types/request/ScopeSet.d.ts +4 -3
  369. package/types/request/ScopeSet.d.ts.map +1 -1
  370. package/types/response/ImdsComputeResponse.d.ts +10 -0
  371. package/types/response/ImdsComputeResponse.d.ts.map +1 -0
  372. package/types/response/ResponseHandler.d.ts +1 -1
  373. package/types/response/ResponseHandler.d.ts.map +1 -1
  374. package/types/url/UrlString.d.ts +5 -4
  375. package/types/url/UrlString.d.ts.map +1 -1
  376. package/types/utils/ClientAssertionUtils.d.ts +1 -1
  377. package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
  378. package/types/utils/Constants.d.ts +6 -2
  379. package/types/utils/Constants.d.ts.map +1 -1
  380. package/types/utils/ProtocolUtils.d.ts +6 -3
  381. package/types/utils/ProtocolUtils.d.ts.map +1 -1
  382. package/types/utils/UrlUtils.d.ts.map +1 -1
  383. package/lib/index-node-CcOYLhxB.js.map +0 -1
@@ -18,7 +18,6 @@ import {
18
18
  import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
19
19
  import { ClientInfo } from "../account/ClientInfo.js";
20
20
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
21
- import { StringUtils } from "../utils/StringUtils.js";
22
21
 
23
22
  export function instrumentBrokerParams(
24
23
  parameters: Map<string, string>,
@@ -84,6 +83,7 @@ export function addNativeBroker(parameters: Map<string, string>): void {
84
83
  export function addScopes(
85
84
  parameters: Map<string, string>,
86
85
  scopes: string[],
86
+ correlationId: string,
87
87
  addOidcScopes: boolean = true,
88
88
  defaultScopes: Array<string> = Constants.OIDC_DEFAULT_SCOPES
89
89
  ): void {
@@ -98,7 +98,7 @@ export function addScopes(
98
98
  const requestScopes = addOidcScopes
99
99
  ? [...(scopes || []), ...defaultScopes]
100
100
  : scopes || [];
101
- const scopeSet = new ScopeSet(requestScopes);
101
+ const scopeSet = new ScopeSet(requestScopes, correlationId);
102
102
  parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
103
103
  }
104
104
 
@@ -205,12 +205,14 @@ export function addSid(parameters: Map<string, string>, sid: string): void {
205
205
  * Adds claims to request parameters, conditionally excluding clientCapabilities
206
206
  * when skipBrokerClaims is true and a brokered flow is in effect.
207
207
  * @param parameters - The request parameters map
208
+ * @param correlationId - The request correlation id
208
209
  * @param claims - The claims string from the request
209
210
  * @param clientCapabilities - The client capabilities from configuration
210
211
  * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
211
212
  */
212
213
  export function addClaims(
213
214
  parameters: Map<string, string>,
215
+ correlationId: string,
214
216
  claims?: string,
215
217
  clientCapabilities?: Array<string>,
216
218
  skipBrokerClaims?: boolean
@@ -221,23 +223,8 @@ export function addClaims(
221
223
  ? undefined
222
224
  : clientCapabilities;
223
225
 
224
- if (
225
- !StringUtils.isEmptyObj(claims) ||
226
- (configClaims && configClaims.length > 0)
227
- ) {
228
- const mergedClaims = addClientCapabilitiesToClaims(
229
- claims,
230
- configClaims
231
- );
232
- try {
233
- JSON.parse(mergedClaims);
234
- } catch (e) {
235
- throw createClientConfigurationError(
236
- ClientConfigurationErrorCodes.invalidClaims
237
- );
238
- }
239
- parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
240
- }
226
+ const mergedClaims = buildMergedClaims(claims, configClaims, correlationId);
227
+ parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
241
228
  }
242
229
 
243
230
  /**
@@ -335,7 +322,8 @@ export function addCodeChallengeParams(
335
322
  );
336
323
  } else {
337
324
  throw createClientConfigurationError(
338
- ClientConfigurationErrorCodes.pkceParamsMissing
325
+ ClientConfigurationErrorCodes.pkceParamsMissing,
326
+ ""
339
327
  );
340
328
  }
341
329
  }
@@ -493,9 +481,27 @@ export function addExtraParameters(
493
481
  });
494
482
  }
495
483
 
496
- export function addClientCapabilitiesToClaims(
484
+ /**
485
+ * Default optional idToken claims requested on all auth requests.
486
+ * signin_state enables KMSI detection; login_hint enables login hint propagation.
487
+ */
488
+ const DEFAULT_ID_TOKEN_CLAIMS: Record<string, { essential: false }> = {
489
+ [Constants.ClaimsRequestKeys.SIGNIN_STATE]: { essential: false },
490
+ [Constants.ClaimsRequestKeys.LOGIN_HINT]: { essential: false },
491
+ };
492
+
493
+ /**
494
+ * Parses claims JSON, merges default optional idToken claims (signin_state, login_hint),
495
+ * and appends client capabilities (xms_cc) to the access_token section.
496
+ * Does not overwrite idToken claims already specified by the caller.
497
+ * @param claims - Existing claims JSON string from the request (may be undefined)
498
+ * @param clientCapabilities - Client capabilities array from configuration
499
+ * @returns Merged claims JSON string
500
+ */
501
+ export function buildMergedClaims(
497
502
  claims?: string,
498
- clientCapabilities?: Array<string>
503
+ clientCapabilities?: Array<string>,
504
+ correlationId: string = ""
499
505
  ): string {
500
506
  let mergedClaims: object;
501
507
 
@@ -504,17 +510,44 @@ export function addClientCapabilitiesToClaims(
504
510
  mergedClaims = {};
505
511
  } else {
506
512
  try {
507
- mergedClaims = JSON.parse(claims);
513
+ const parsed = JSON.parse(claims);
514
+ if (
515
+ typeof parsed !== "object" ||
516
+ parsed === null ||
517
+ Array.isArray(parsed)
518
+ ) {
519
+ throw new Error("Claims must be a JSON object");
520
+ }
521
+ mergedClaims = parsed;
508
522
  } catch (e) {
509
523
  throw createClientConfigurationError(
510
- ClientConfigurationErrorCodes.invalidClaims
524
+ ClientConfigurationErrorCodes.invalidClaims,
525
+ correlationId
511
526
  );
512
527
  }
513
528
  }
514
529
 
530
+ // Add default optional idToken claims
531
+ if (
532
+ !Object.prototype.hasOwnProperty.call(
533
+ mergedClaims,
534
+ Constants.ClaimsRequestKeys.ID_TOKEN
535
+ )
536
+ ) {
537
+ mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN] = {};
538
+ }
539
+ const idTokenClaims = mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN];
540
+ for (const [key, value] of Object.entries(DEFAULT_ID_TOKEN_CLAIMS)) {
541
+ if (!(key in idTokenClaims)) {
542
+ idTokenClaims[key] = value;
543
+ }
544
+ }
545
+
546
+ // Add client capabilities
515
547
  if (clientCapabilities && clientCapabilities.length > 0) {
516
548
  if (
517
- !mergedClaims.hasOwnProperty(
549
+ !Object.prototype.hasOwnProperty.call(
550
+ mergedClaims,
518
551
  Constants.ClaimsRequestKeys.ACCESS_TOKEN
519
552
  )
520
553
  ) {
@@ -597,24 +630,14 @@ export function addServerTelemetry(
597
630
  parameters: Map<string, string>,
598
631
  serverTelemetryManager: ServerTelemetryManager
599
632
  ): void {
600
- const currentTelemetryHeader =
601
- serverTelemetryManager.generateCurrentRequestHeaderValue();
602
- const lastTelemetryHeader =
603
- serverTelemetryManager.generateLastRequestHeaderValue();
604
-
605
- if (currentTelemetryHeader) {
606
- parameters.set(
607
- AADServerParamKeys.X_CLIENT_CURR_TELEM,
608
- currentTelemetryHeader
609
- );
610
- }
611
-
612
- if (lastTelemetryHeader) {
613
- parameters.set(
614
- AADServerParamKeys.X_CLIENT_LAST_TELEM,
615
- lastTelemetryHeader
616
- );
617
- }
633
+ parameters.set(
634
+ AADServerParamKeys.X_CLIENT_CURR_TELEM,
635
+ serverTelemetryManager.generateCurrentRequestHeaderValue()
636
+ );
637
+ parameters.set(
638
+ AADServerParamKeys.X_CLIENT_LAST_TELEM,
639
+ serverTelemetryManager.generateLastRequestHeaderValue()
640
+ );
618
641
  }
619
642
 
620
643
  /**
@@ -26,8 +26,10 @@ import {
26
26
  export class ScopeSet {
27
27
  // Scopes as a Set of strings
28
28
  private scopes: Set<string>;
29
+ private correlationId: string;
29
30
 
30
- constructor(inputScopes: Array<string>) {
31
+ constructor(inputScopes: Array<string>, correlationId: string) {
32
+ this.correlationId = correlationId;
31
33
  // Filter empty string and null/undefined array items
32
34
  const scopeArr = inputScopes
33
35
  ? StringUtils.trimArrayEntries([...inputScopes])
@@ -39,7 +41,8 @@ export class ScopeSet {
39
41
  // Check if scopes array has at least one member
40
42
  if (!filteredInput || !filteredInput.length) {
41
43
  throw createClientConfigurationError(
42
- ClientConfigurationErrorCodes.emptyInputScopesError
44
+ ClientConfigurationErrorCodes.emptyInputScopesError,
45
+ correlationId
43
46
  );
44
47
  }
45
48
 
@@ -53,10 +56,13 @@ export class ScopeSet {
53
56
  * @param appClientId
54
57
  * @param scopesRequired
55
58
  */
56
- static fromString(inputScopeString: string): ScopeSet {
59
+ static fromString(
60
+ inputScopeString: string,
61
+ correlationId: string
62
+ ): ScopeSet {
57
63
  const scopeString = inputScopeString || "";
58
64
  const inputScopes: Array<string> = scopeString.split(" ");
59
- return new ScopeSet(inputScopes);
65
+ return new ScopeSet(inputScopes, correlationId);
60
66
  }
61
67
 
62
68
  /**
@@ -64,14 +70,17 @@ export class ScopeSet {
64
70
  * @param inputScopeString
65
71
  * @returns
66
72
  */
67
- static createSearchScopes(inputScopeString: Array<string>): ScopeSet {
73
+ static createSearchScopes(
74
+ inputScopeString: Array<string>,
75
+ correlationId: string
76
+ ): ScopeSet {
68
77
  // Handle empty scopes by using default OIDC scopes for cache lookup
69
78
  const scopesToUse =
70
79
  inputScopeString && inputScopeString.length > 0
71
80
  ? inputScopeString
72
81
  : [...OIDC_DEFAULT_SCOPES];
73
82
 
74
- const scopeSet = new ScopeSet(scopesToUse);
83
+ const scopeSet = new ScopeSet(scopesToUse, correlationId);
75
84
  if (!scopeSet.containsOnlyOIDCScopes()) {
76
85
  scopeSet.removeOIDCScopes();
77
86
  } else {
@@ -87,7 +96,10 @@ export class ScopeSet {
87
96
  */
88
97
  containsScope(scope: string): boolean {
89
98
  const lowerCaseScopes = this.printScopesLowerCase().split(" ");
90
- const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);
99
+ const lowerCaseScopesSet = new ScopeSet(
100
+ lowerCaseScopes,
101
+ this.correlationId
102
+ );
91
103
  // compare lowercase scopes
92
104
  return scope
93
105
  ? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
@@ -142,7 +154,8 @@ export class ScopeSet {
142
154
  newScopes.forEach((newScope) => this.appendScope(newScope));
143
155
  } catch (e) {
144
156
  throw createClientAuthError(
145
- ClientAuthErrorCodes.cannotAppendScopeSet
157
+ ClientAuthErrorCodes.cannotAppendScopeSet,
158
+ this.correlationId
146
159
  );
147
160
  }
148
161
  }
@@ -154,7 +167,8 @@ export class ScopeSet {
154
167
  removeScope(scope: string): void {
155
168
  if (!scope) {
156
169
  throw createClientAuthError(
157
- ClientAuthErrorCodes.cannotRemoveEmptyScope
170
+ ClientAuthErrorCodes.cannotRemoveEmptyScope,
171
+ this.correlationId
158
172
  );
159
173
  }
160
174
  this.scopes.delete(scope.trim());
@@ -177,7 +191,8 @@ export class ScopeSet {
177
191
  unionScopeSets(otherScopes: ScopeSet): Set<string> {
178
192
  if (!otherScopes) {
179
193
  throw createClientAuthError(
180
- ClientAuthErrorCodes.emptyInputScopeSet
194
+ ClientAuthErrorCodes.emptyInputScopeSet,
195
+ this.correlationId
181
196
  );
182
197
  }
183
198
  const unionScopes = new Set<string>(); // Iterator in constructor not supported in IE11
@@ -195,7 +210,8 @@ export class ScopeSet {
195
210
  intersectingScopeSets(otherScopes: ScopeSet): boolean {
196
211
  if (!otherScopes) {
197
212
  throw createClientAuthError(
198
- ClientAuthErrorCodes.emptyInputScopeSet
213
+ ClientAuthErrorCodes.emptyInputScopeSet,
214
+ this.correlationId
199
215
  );
200
216
  }
201
217
 
@@ -0,0 +1,14 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ /**
7
+ * Response body returned by the IMDS compute metadata endpoint
8
+ * (http://169.254.169.254/metadata/instance/compute). Only the `location`
9
+ * field is used for region auto-discovery. `location` is optional because the
10
+ * IMDS response can legitimately omit it or return `null`.
11
+ */
12
+ export type ImdsComputeResponse = {
13
+ location?: string;
14
+ };
@@ -8,11 +8,7 @@ import {
8
8
  buildTenantProfile,
9
9
  updateAccountTenantProfileData,
10
10
  } from "../account/AccountInfo.js";
11
- import {
12
- checkMaxAge,
13
- extractTokenClaims,
14
- isKmsi,
15
- } from "../account/AuthToken.js";
11
+ import { extractTokenClaims, isKmsi } from "../account/AuthToken.js";
16
12
  import {
17
13
  TokenClaims,
18
14
  getTenantIdFromIdTokenClaims,
@@ -117,7 +113,8 @@ export class ResponseHandler {
117
113
  ? serverResponse.error_codes[0]
118
114
  : undefined;
119
115
  const serverError = new ServerError(
120
- serverResponse.error,
116
+ serverResponse.error || "",
117
+ serverResponse.correlation_id || "",
121
118
  errString,
122
119
  serverResponse.suberror,
123
120
  serverErrorNo,
@@ -164,12 +161,12 @@ export class ResponseHandler {
164
161
  )
165
162
  ) {
166
163
  throw new InteractionRequiredAuthError(
167
- serverResponse.error,
164
+ serverResponse.error || "",
165
+ serverResponse.correlation_id || "",
168
166
  serverResponse.error_description,
169
167
  serverResponse.suberror,
170
168
  serverResponse.timestamp || "",
171
169
  serverResponse.trace_id || "",
172
- serverResponse.correlation_id || "",
173
170
  serverResponse.claims || "",
174
171
  serverErrorNo
175
172
  );
@@ -194,35 +191,26 @@ export class ResponseHandler {
194
191
  userAssertionHash?: string,
195
192
  handlingRefreshTokenResponse?: boolean,
196
193
  forceCacheRefreshTokenResponse?: boolean,
197
- serverRequestId?: string
194
+ serverRequestId?: string,
195
+ additionalCacheKeyComponents?: Record<string, string>
198
196
  ): Promise<AuthenticationResult> {
199
197
  // create an idToken object (not entity)
200
198
  let idTokenClaims: TokenClaims | undefined;
201
199
  if (serverTokenResponse.id_token) {
202
200
  idTokenClaims = extractTokenClaims(
203
201
  serverTokenResponse.id_token || "",
204
- this.cryptoObj.base64Decode
202
+ this.cryptoObj.base64Decode,
203
+ request.correlationId
205
204
  );
206
205
 
207
206
  // token nonce check (TODO: Add a warning if no nonce is given?)
208
207
  if (authCodePayload && authCodePayload.nonce) {
209
208
  if (idTokenClaims.nonce !== authCodePayload.nonce) {
210
209
  throw createClientAuthError(
211
- ClientAuthErrorCodes.nonceMismatch
212
- );
213
- }
214
- }
215
-
216
- // token max_age check
217
- if (request.maxAge || request.maxAge === 0) {
218
- const authTime = idTokenClaims.auth_time;
219
- if (!authTime) {
220
- throw createClientAuthError(
221
- ClientAuthErrorCodes.authTimeNotFound
210
+ ClientAuthErrorCodes.nonceMismatch,
211
+ request.correlationId
222
212
  );
223
213
  }
224
-
225
- checkMaxAge(authTime, request.maxAge);
226
214
  }
227
215
  }
228
216
 
@@ -241,7 +229,8 @@ export class ResponseHandler {
241
229
  if (!!authCodePayload && !!authCodePayload.state) {
242
230
  requestStateObj = ProtocolUtils.parseRequestState(
243
231
  this.cryptoObj.base64Decode,
244
- authCodePayload.state
232
+ authCodePayload.state,
233
+ request.correlationId
245
234
  );
246
235
  }
247
236
 
@@ -256,7 +245,8 @@ export class ResponseHandler {
256
245
  request,
257
246
  idTokenClaims,
258
247
  userAssertionHash,
259
- authCodePayload
248
+ authCodePayload,
249
+ additionalCacheKeyComponents
260
250
  );
261
251
  let cacheContext;
262
252
  try {
@@ -363,12 +353,14 @@ export class ResponseHandler {
363
353
  request: BaseAuthRequest,
364
354
  idTokenClaims?: TokenClaims,
365
355
  userAssertionHash?: string,
366
- authCodePayload?: AuthorizationCodePayload
356
+ authCodePayload?: AuthorizationCodePayload,
357
+ additionalCacheKeyComponents?: Record<string, string>
367
358
  ): CacheRecord {
368
359
  const env = authority.getPreferredCache();
369
360
  if (!env) {
370
361
  throw createClientAuthError(
371
- ClientAuthErrorCodes.invalidCacheEnvironment
362
+ ClientAuthErrorCodes.invalidCacheEnvironment,
363
+ request.correlationId
372
364
  );
373
365
  }
374
366
 
@@ -408,8 +400,11 @@ export class ResponseHandler {
408
400
  if (serverTokenResponse.access_token) {
409
401
  // If scopes not returned in server response, use request scopes
410
402
  const responseScopes = serverTokenResponse.scope
411
- ? ScopeSet.fromString(serverTokenResponse.scope)
412
- : new ScopeSet(request.scopes || []);
403
+ ? ScopeSet.fromString(
404
+ serverTokenResponse.scope,
405
+ request.correlationId
406
+ )
407
+ : new ScopeSet(request.scopes || [], request.correlationId);
413
408
 
414
409
  /*
415
410
  * Use timestamp calculated before request
@@ -446,10 +441,12 @@ export class ResponseHandler {
446
441
  tokenExpirationSeconds,
447
442
  extendedTokenExpirationSeconds,
448
443
  this.cryptoObj.base64Decode,
444
+ request.correlationId,
449
445
  refreshOnSeconds,
450
446
  serverTokenResponse.token_type,
451
447
  userAssertionHash,
452
- serverTokenResponse.key_id
448
+ serverTokenResponse.key_id,
449
+ additionalCacheKeyComponents
453
450
  );
454
451
  // Set resource (to be used for MCP scenarios)
455
452
  const resource = request.resource || null;
@@ -553,7 +550,8 @@ export class ResponseHandler {
553
550
 
554
551
  if (!keyId) {
555
552
  throw createClientAuthError(
556
- ClientAuthErrorCodes.keyIdMissing
553
+ ClientAuthErrorCodes.keyIdMissing,
554
+ request.correlationId
557
555
  );
558
556
  }
559
557
 
@@ -566,7 +564,8 @@ export class ResponseHandler {
566
564
  accessToken = cacheRecord.accessToken.secret;
567
565
  }
568
566
  responseScopes = ScopeSet.fromString(
569
- cacheRecord.accessToken.target
567
+ cacheRecord.accessToken.target,
568
+ request.correlationId
570
569
  ).asArray();
571
570
  // Access token expiresOn cached in seconds, converting to Date for AuthenticationResult
572
571
  expiresOn = TimeUtils.toDateFromSeconds(
@@ -593,8 +592,20 @@ export class ResponseHandler {
593
592
 
594
593
  // for hybrid + native bridge enablement, send back the native account Id
595
594
  if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) {
595
+ // Set on deprecated top-level for downgrade compat
596
596
  cacheRecord.account.nativeAccountId =
597
597
  serverTokenResponse?.spa_accountid;
598
+ // Set on the matching tenant profile (source of truth)
599
+ const targetTenantId = tid || cacheRecord.account.realm;
600
+ if (cacheRecord.account.tenantProfiles) {
601
+ const matchingProfile = cacheRecord.account.tenantProfiles.find(
602
+ (tp) => tp.tenantId === targetTenantId
603
+ );
604
+ if (matchingProfile) {
605
+ matchingProfile.nativeAccountId =
606
+ serverTokenResponse.spa_accountid;
607
+ }
608
+ }
598
609
  }
599
610
 
600
611
  const accountInfo: AccountInfo | null = cacheRecord.account
@@ -692,6 +703,7 @@ export function buildAccountToCache(
692
703
  nativeAccountId: nativeAccountId,
693
704
  },
694
705
  authority,
706
+ correlationId,
695
707
  base64Decode
696
708
  );
697
709
 
@@ -707,6 +719,7 @@ export function buildAccountToCache(
707
719
  homeAccountId,
708
720
  baseAccount.localAccountId,
709
721
  tenantId,
722
+ nativeAccountId,
710
723
  idTokenClaims
711
724
  );
712
725
  tenantProfiles.push(newTenantProfile);
@@ -17,16 +17,19 @@ import * as Constants from "../utils/Constants.js";
17
17
  export class UrlString {
18
18
  // internal url string field
19
19
  private _urlString: string;
20
+ private correlationId: string;
20
21
  public get urlString(): string {
21
22
  return this._urlString;
22
23
  }
23
24
 
24
- constructor(url: string) {
25
+ constructor(url: string, correlationId: string) {
25
26
  this._urlString = url;
27
+ this.correlationId = correlationId;
26
28
  if (!this._urlString) {
27
29
  // Throws error if url is empty
28
30
  throw createClientConfigurationError(
29
- ClientConfigurationErrorCodes.urlEmptyError
31
+ ClientConfigurationErrorCodes.urlEmptyError,
32
+ correlationId
30
33
  );
31
34
  }
32
35
 
@@ -69,14 +72,16 @@ export class UrlString {
69
72
  components = this.getUrlComponents();
70
73
  } catch (e) {
71
74
  throw createClientConfigurationError(
72
- ClientConfigurationErrorCodes.urlParseError
75
+ ClientConfigurationErrorCodes.urlParseError,
76
+ this.correlationId
73
77
  );
74
78
  }
75
79
 
76
80
  // Throw error if URI or path segments are not parseable.
77
81
  if (!components.HostNameAndPort || !components.PathSegments) {
78
82
  throw createClientConfigurationError(
79
- ClientConfigurationErrorCodes.urlParseError
83
+ ClientConfigurationErrorCodes.urlParseError,
84
+ this.correlationId
80
85
  );
81
86
  }
82
87
 
@@ -86,7 +91,8 @@ export class UrlString {
86
91
  components.Protocol.toLowerCase() !== "https:"
87
92
  ) {
88
93
  throw createClientConfigurationError(
89
- ClientConfigurationErrorCodes.authorityUriInsecure
94
+ ClientConfigurationErrorCodes.authorityUriInsecure,
95
+ this.correlationId
90
96
  );
91
97
  }
92
98
  }
@@ -130,7 +136,10 @@ export class UrlString {
130
136
  ) {
131
137
  pathArray[0] = tenantId;
132
138
  }
133
- return UrlString.constructAuthorityUriFromObject(urlObject);
139
+ return UrlString.constructAuthorityUriFromObject(
140
+ urlObject,
141
+ this.correlationId
142
+ );
134
143
  }
135
144
 
136
145
  /**
@@ -147,7 +156,8 @@ export class UrlString {
147
156
  const match = this.urlString.match(regEx);
148
157
  if (!match) {
149
158
  throw createClientConfigurationError(
150
- ClientConfigurationErrorCodes.urlParseError
159
+ ClientConfigurationErrorCodes.urlParseError,
160
+ this.correlationId
151
161
  );
152
162
  }
153
163
 
@@ -175,23 +185,28 @@ export class UrlString {
175
185
  return urlComponents;
176
186
  }
177
187
 
178
- static getDomainFromUrl(url: string): string {
188
+ static getDomainFromUrl(url: string, correlationId: string): string {
179
189
  const regEx = RegExp("^([^:/?#]+://)?([^/?#]*)");
180
190
 
181
191
  const match = url.match(regEx);
182
192
 
183
193
  if (!match) {
184
194
  throw createClientConfigurationError(
185
- ClientConfigurationErrorCodes.urlParseError
195
+ ClientConfigurationErrorCodes.urlParseError,
196
+ correlationId
186
197
  );
187
198
  }
188
199
 
189
200
  return match[2];
190
201
  }
191
202
 
192
- static getAbsoluteUrl(relativeUrl: string, baseUrl: string): string {
203
+ static getAbsoluteUrl(
204
+ relativeUrl: string,
205
+ baseUrl: string,
206
+ correlationId: string
207
+ ): string {
193
208
  if (relativeUrl[0] === Constants.FORWARD_SLASH) {
194
- const url = new UrlString(baseUrl);
209
+ const url = new UrlString(baseUrl, correlationId);
195
210
  const baseComponents = url.getUrlComponents();
196
211
 
197
212
  return (
@@ -205,13 +220,17 @@ export class UrlString {
205
220
  return relativeUrl;
206
221
  }
207
222
 
208
- static constructAuthorityUriFromObject(urlObject: IUri): UrlString {
223
+ static constructAuthorityUriFromObject(
224
+ urlObject: IUri,
225
+ correlationId: string
226
+ ): UrlString {
209
227
  return new UrlString(
210
228
  urlObject.Protocol +
211
229
  "//" +
212
230
  urlObject.HostNameAndPort +
213
231
  "/" +
214
- urlObject.PathSegments.join("/")
232
+ urlObject.PathSegments.join("/"),
233
+ correlationId
215
234
  );
216
235
  }
217
236
  }
@@ -11,7 +11,8 @@ import {
11
11
  export async function getClientAssertion(
12
12
  clientAssertion: string | ClientAssertionCallback,
13
13
  clientId: string,
14
- tokenEndpoint?: string
14
+ tokenEndpoint?: string,
15
+ fmiPath?: string
15
16
  ): Promise<string> {
16
17
  if (typeof clientAssertion === "string") {
17
18
  return clientAssertion;
@@ -19,6 +20,7 @@ export async function getClientAssertion(
19
20
  const config: ClientAssertionConfig = {
20
21
  clientId: clientId,
21
22
  tokenEndpoint: tokenEndpoint,
23
+ fmiPath: fmiPath,
22
24
  };
23
25
  return clientAssertion(config);
24
26
  }
@@ -33,9 +33,8 @@ export const AUTHORIZATION_PENDING = "authorization_pending";
33
33
  export const NOT_APPLICABLE = "N/A";
34
34
  export const NOT_AVAILABLE = "Not Available";
35
35
  export const FORWARD_SLASH = "/";
36
- export const IMDS_ENDPOINT =
37
- "http://169.254.169.254/metadata/instance/compute/location";
38
- export const IMDS_VERSION = "2020-06-01";
36
+ export const IMDS_ENDPOINT = "http://169.254.169.254/metadata/instance/compute";
37
+ export const IMDS_VERSION = "2021-02-01";
39
38
  export const IMDS_TIMEOUT = 2000;
40
39
  export const AZURE_REGION_AUTO_DISCOVER_FLAG = "TryAutoDetect";
41
40
  export const REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = "login.microsoft.com";
@@ -122,6 +121,9 @@ export type AADAuthority = (typeof AADAuthority)[keyof typeof AADAuthority];
122
121
  export const ClaimsRequestKeys = {
123
122
  ACCESS_TOKEN: "access_token",
124
123
  XMS_CC: "xms_cc",
124
+ ID_TOKEN: "id_token",
125
+ SIGNIN_STATE: "signin_state",
126
+ LOGIN_HINT: "login_hint",
125
127
  } as const;
126
128
  export type ClaimsRequestKeys =
127
129
  (typeof ClaimsRequestKeys)[keyof typeof ClaimsRequestKeys];
@@ -180,6 +182,7 @@ export const GrantType = {
180
182
  REFRESH_TOKEN_GRANT: "refresh_token",
181
183
  DEVICE_CODE_GRANT: "device_code",
182
184
  JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer",
185
+ USER_FIC: "user_fic",
183
186
  } as const;
184
187
  export type GrantType = (typeof GrantType)[keyof typeof GrantType];
185
188