@azure/msal-common 16.9.0 → 16.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +9 -3
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +9 -23
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/CcsCredential.mjs.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -4
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/account/TokenClaims.mjs.map +1 -1
- package/dist/authority/Authority.mjs +36 -37
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +3 -3
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +2 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/AuthorityType.mjs.map +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +16 -10
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.mjs +62 -46
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -5
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +7 -7
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +8 -8
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +10 -18
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.mjs +3 -3
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +7 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +11 -11
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +3 -3
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -2
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +5 -7
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +5 -5
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +5 -5
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +5 -5
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +2 -2
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -3
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +3 -3
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/index-node.mjs +53 -53
- package/dist/index.mjs +59 -59
- package/dist/logger/Logger.mjs +1 -1
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +4 -3
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +2 -1
- package/dist/network/RequestThumbprint.mjs.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +2 -2
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +16 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.mjs +2 -2
- package/dist/protocol/Token.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.mjs +3 -3
- package/dist/request/BaseAuthRequest.mjs.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +51 -33
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +13 -12
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +29 -27
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +20 -1
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +4 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.mjs +15 -14
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +3 -2
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.mjs +7 -3
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +12 -9
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs.map +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.mjs +4 -4
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/dist-browser/account/AccountInfo.mjs +9 -3
- package/dist-browser/account/AccountInfo.mjs.map +1 -1
- package/dist-browser/account/AuthToken.mjs +9 -23
- package/dist-browser/account/AuthToken.mjs.map +1 -1
- package/dist-browser/account/CcsCredential.mjs +1 -1
- package/dist-browser/account/CcsCredential.mjs.map +1 -1
- package/dist-browser/account/ClientInfo.mjs +4 -4
- package/dist-browser/account/ClientInfo.mjs.map +1 -1
- package/dist-browser/account/TokenClaims.mjs +1 -1
- package/dist-browser/account/TokenClaims.mjs.map +1 -1
- package/dist-browser/authority/Authority.mjs +36 -37
- package/dist-browser/authority/Authority.mjs.map +1 -1
- package/dist-browser/authority/AuthorityFactory.mjs +3 -3
- package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
- package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
- package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs +1 -1
- package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
- package/dist-browser/authority/AuthorityType.mjs +1 -1
- package/dist-browser/authority/AuthorityType.mjs.map +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs +1 -1
- package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
- package/dist-browser/authority/RegionDiscovery.mjs +16 -10
- package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
- package/dist-browser/cache/CacheManager.mjs +62 -46
- package/dist-browser/cache/CacheManager.mjs.map +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
- package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
- package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
- package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
- package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist-browser/client/RefreshTokenClient.mjs +8 -8
- package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
- package/dist-browser/client/SilentFlowClient.mjs +10 -18
- package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
- package/dist-browser/config/ClientConfiguration.mjs +3 -3
- package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
- package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
- package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist-browser/crypto/ICrypto.mjs +11 -11
- package/dist-browser/crypto/ICrypto.mjs.map +1 -1
- package/dist-browser/crypto/JoseHeader.mjs +3 -3
- package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
- package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
- package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist-browser/error/AuthError.mjs +5 -7
- package/dist-browser/error/AuthError.mjs.map +1 -1
- package/dist-browser/error/AuthErrorCodes.mjs +1 -1
- package/dist-browser/error/CacheError.mjs +1 -1
- package/dist-browser/error/CacheError.mjs.map +1 -1
- package/dist-browser/error/CacheErrorCodes.mjs +1 -1
- package/dist-browser/error/ClientAuthError.mjs +5 -5
- package/dist-browser/error/ClientAuthError.mjs.map +1 -1
- package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
- package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationError.mjs +5 -5
- package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
- package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
- package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist-browser/error/JoseHeaderError.mjs +5 -5
- package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
- package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist-browser/error/NetworkError.mjs +2 -2
- package/dist-browser/error/NetworkError.mjs.map +1 -1
- package/dist-browser/error/PlatformBrokerError.mjs +3 -3
- package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
- package/dist-browser/error/ServerError.mjs +3 -3
- package/dist-browser/error/ServerError.mjs.map +1 -1
- package/dist-browser/index-browser.mjs +55 -55
- package/dist-browser/index.mjs +59 -59
- package/dist-browser/log-strings-mapping.json +2 -2
- package/dist-browser/logger/Logger.mjs +1 -1
- package/dist-browser/logger/Logger.mjs.map +1 -1
- package/dist-browser/network/INetworkModule.mjs +4 -3
- package/dist-browser/network/INetworkModule.mjs.map +1 -1
- package/dist-browser/network/RequestThumbprint.mjs +2 -1
- package/dist-browser/network/RequestThumbprint.mjs.map +1 -1
- package/dist-browser/network/ThrottlingUtils.mjs +2 -2
- package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
- package/dist-browser/packageMetadata.mjs +2 -2
- package/dist-browser/protocol/Authorize.mjs +16 -14
- package/dist-browser/protocol/Authorize.mjs.map +1 -1
- package/dist-browser/protocol/Token.mjs +2 -2
- package/dist-browser/protocol/Token.mjs.map +1 -1
- package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
- package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist-browser/request/BaseAuthRequest.mjs +3 -3
- package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
- package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
- package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist-browser/request/ScopeSet.mjs +13 -12
- package/dist-browser/request/ScopeSet.mjs.map +1 -1
- package/dist-browser/response/ResponseHandler.mjs +29 -27
- package/dist-browser/response/ResponseHandler.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs +20 -1
- package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +4 -1
- package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
- package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist-browser/url/UrlString.mjs +15 -14
- package/dist-browser/url/UrlString.mjs.map +1 -1
- package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
- package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist-browser/utils/Constants.mjs +7 -3
- package/dist-browser/utils/Constants.mjs.map +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs +1 -1
- package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
- package/dist-browser/utils/ProtocolUtils.mjs +12 -9
- package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
- package/dist-browser/utils/StringUtils.mjs +1 -1
- package/dist-browser/utils/StringUtils.mjs.map +1 -1
- package/dist-browser/utils/TimeUtils.mjs +1 -1
- package/dist-browser/utils/TimeUtils.mjs.map +1 -1
- package/dist-browser/utils/UrlUtils.mjs +4 -4
- package/dist-browser/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +27 -8
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-CcOYLhxB.js → index-node-C_uKaUiZ.js} +368 -312
- package/lib/index-node-C_uKaUiZ.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/package.json +1 -1
- package/src/account/AccountInfo.ts +19 -1
- package/src/account/AuthToken.ts +19 -21
- package/src/account/ClientCredentials.ts +1 -0
- package/src/account/ClientInfo.ts +8 -3
- package/src/authority/Authority.ts +72 -37
- package/src/authority/AuthorityFactory.ts +4 -2
- package/src/authority/AuthorityMetadata.ts +2 -1
- package/src/authority/RegionDiscovery.ts +18 -11
- package/src/cache/CacheManager.ts +160 -57
- package/src/cache/entities/AccountEntity.ts +4 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/utils/AccountEntityUtils.ts +23 -3
- package/src/cache/utils/CacheHelpers.ts +15 -3
- package/src/cache/utils/CacheTypes.ts +2 -0
- package/src/client/AuthorizationCodeClient.ts +10 -4
- package/src/client/RefreshTokenClient.ts +12 -5
- package/src/client/SilentFlowClient.ts +17 -20
- package/src/config/ClientConfiguration.ts +8 -2
- package/src/constants/AADServerParamKeys.ts +5 -0
- package/src/crypto/ICrypto.ts +40 -10
- package/src/crypto/JoseHeader.ts +8 -2
- package/src/crypto/PopTokenGenerator.ts +1 -1
- package/src/error/AuthError.ts +9 -5
- package/src/error/ClientAuthError.ts +8 -3
- package/src/error/ClientAuthErrorCodes.ts +0 -2
- package/src/error/ClientConfigurationError.ts +5 -4
- package/src/error/InteractionRequiredAuthError.ts +9 -5
- package/src/error/JoseHeaderError.ts +11 -4
- package/src/error/NetworkError.ts +6 -1
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/error/ServerError.ts +3 -2
- package/src/network/INetworkModule.ts +3 -2
- package/src/network/RequestThumbprint.ts +2 -0
- package/src/network/ThrottlingUtils.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +21 -6
- package/src/protocol/Token.ts +4 -1
- package/src/request/AuthenticationHeaderParser.ts +6 -3
- package/src/request/BaseAuthRequest.ts +8 -2
- package/src/request/RequestParameterBuilder.ts +66 -43
- package/src/request/ScopeSet.ts +27 -11
- package/src/response/ImdsComputeResponse.ts +14 -0
- package/src/response/ResponseHandler.ts +45 -32
- package/src/telemetry/performance/IPerformanceClient.ts +1 -0
- package/src/telemetry/performance/PerformanceClient.ts +28 -0
- package/src/telemetry/performance/StubPerformanceClient.ts +4 -0
- package/src/url/UrlString.ts +32 -13
- package/src/utils/ClientAssertionUtils.ts +3 -1
- package/src/utils/Constants.ts +6 -3
- package/src/utils/ProtocolUtils.ts +26 -8
- package/src/utils/UrlUtils.ts +8 -3
- package/types/account/AccountInfo.d.ts +8 -2
- package/types/account/AccountInfo.d.ts.map +1 -1
- package/types/account/AuthToken.d.ts +2 -6
- package/types/account/AuthToken.d.ts.map +1 -1
- package/types/account/ClientCredentials.d.ts +1 -0
- package/types/account/ClientCredentials.d.ts.map +1 -1
- package/types/account/ClientInfo.d.ts.map +1 -1
- package/types/authority/Authority.d.ts +4 -4
- package/types/authority/Authority.d.ts.map +1 -1
- package/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/types/authority/RegionDiscovery.d.ts +3 -2
- package/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/types/cache/CacheManager.d.ts +0 -7
- package/types/cache/CacheManager.d.ts.map +1 -1
- package/types/cache/entities/AccountEntity.d.ts +4 -0
- package/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
- package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
- package/types/cache/utils/CacheHelpers.d.ts +1 -1
- package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/types/cache/utils/CacheTypes.d.ts +2 -1
- package/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/types/client/SilentFlowClient.d.ts.map +1 -1
- package/types/config/ClientConfiguration.d.ts.map +1 -1
- package/types/constants/AADServerParamKeys.d.ts +4 -0
- package/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/types/crypto/ICrypto.d.ts.map +1 -1
- package/types/crypto/JoseHeader.d.ts.map +1 -1
- package/types/error/AuthError.d.ts +2 -3
- package/types/error/AuthError.d.ts.map +1 -1
- package/types/error/ClientAuthError.d.ts +2 -2
- package/types/error/ClientAuthError.d.ts.map +1 -1
- package/types/error/ClientAuthErrorCodes.d.ts +0 -2
- package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/types/error/ClientConfigurationError.d.ts +2 -2
- package/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/types/error/InteractionRequiredAuthError.d.ts +2 -2
- package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/types/error/JoseHeaderError.d.ts +2 -2
- package/types/error/JoseHeaderError.d.ts.map +1 -1
- package/types/error/NetworkError.d.ts.map +1 -1
- package/types/error/PlatformBrokerError.d.ts +1 -1
- package/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/types/error/ServerError.d.ts +1 -1
- package/types/error/ServerError.d.ts.map +1 -1
- package/types/network/INetworkModule.d.ts.map +1 -1
- package/types/network/RequestThumbprint.d.ts +1 -0
- package/types/network/RequestThumbprint.d.ts.map +1 -1
- package/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/packageMetadata.d.ts.map +1 -1
- package/types/protocol/Authorize.d.ts +4 -2
- package/types/protocol/Authorize.d.ts.map +1 -1
- package/types/protocol/Token.d.ts.map +1 -1
- package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/types/request/BaseAuthRequest.d.ts +4 -0
- package/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/types/request/RequestParameterBuilder.d.ts +12 -3
- package/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/types/request/ScopeSet.d.ts +4 -3
- package/types/request/ScopeSet.d.ts.map +1 -1
- package/types/response/ImdsComputeResponse.d.ts +10 -0
- package/types/response/ImdsComputeResponse.d.ts.map +1 -0
- package/types/response/ResponseHandler.d.ts +1 -1
- package/types/response/ResponseHandler.d.ts.map +1 -1
- package/types/telemetry/performance/IPerformanceClient.d.ts +3 -0
- package/types/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/types/telemetry/performance/PerformanceClient.d.ts +18 -0
- package/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/types/telemetry/performance/StubPerformanceClient.d.ts +1 -0
- package/types/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/types/url/UrlString.d.ts +5 -4
- package/types/url/UrlString.d.ts.map +1 -1
- package/types/utils/ClientAssertionUtils.d.ts +1 -1
- package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
- package/types/utils/Constants.d.ts +6 -2
- package/types/utils/Constants.d.ts.map +1 -1
- package/types/utils/ProtocolUtils.d.ts +6 -3
- package/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/types/utils/UrlUtils.d.ts.map +1 -1
- package/lib/index-node-CcOYLhxB.js.map +0 -1
|
@@ -69,6 +69,10 @@ export type BaseAuthRequest = {
|
|
|
69
69
|
azureCloudOptions?: AzureCloudOptions;
|
|
70
70
|
/**
|
|
71
71
|
* Maximum allowed age, in milliseconds, of the user's authentication before a new sign-in is required.
|
|
72
|
+
* @deprecated This option no longer has any effect and will be removed in a future major version.
|
|
73
|
+
* MSAL does not validate the authentication age of returned tokens. To enforce the OIDC `max_age`
|
|
74
|
+
* parameter, send it via `extraQueryParameters` and validate the `auth_time` claim of the returned
|
|
75
|
+
* token yourself.
|
|
72
76
|
*/
|
|
73
77
|
maxAge?: number;
|
|
74
78
|
/**
|
|
@@ -130,13 +134,15 @@ export function enforceResourceParameter(
|
|
|
130
134
|
containsResourceParam(request.extraQueryParameters))
|
|
131
135
|
) {
|
|
132
136
|
throw createClientAuthError(
|
|
133
|
-
ClientAuthErrorCodes.misplacedResourceParam
|
|
137
|
+
ClientAuthErrorCodes.misplacedResourceParam,
|
|
138
|
+
request.correlationId || ""
|
|
134
139
|
);
|
|
135
140
|
}
|
|
136
141
|
|
|
137
142
|
if (!request.resource) {
|
|
138
143
|
throw createClientAuthError(
|
|
139
|
-
ClientAuthErrorCodes.resourceParameterRequired
|
|
144
|
+
ClientAuthErrorCodes.resourceParameterRequired,
|
|
145
|
+
request.correlationId || ""
|
|
140
146
|
);
|
|
141
147
|
}
|
|
142
148
|
}
|
|
@@ -18,7 +18,6 @@ import {
|
|
|
18
18
|
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
|
|
19
19
|
import { ClientInfo } from "../account/ClientInfo.js";
|
|
20
20
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
21
|
-
import { StringUtils } from "../utils/StringUtils.js";
|
|
22
21
|
|
|
23
22
|
export function instrumentBrokerParams(
|
|
24
23
|
parameters: Map<string, string>,
|
|
@@ -84,6 +83,7 @@ export function addNativeBroker(parameters: Map<string, string>): void {
|
|
|
84
83
|
export function addScopes(
|
|
85
84
|
parameters: Map<string, string>,
|
|
86
85
|
scopes: string[],
|
|
86
|
+
correlationId: string,
|
|
87
87
|
addOidcScopes: boolean = true,
|
|
88
88
|
defaultScopes: Array<string> = Constants.OIDC_DEFAULT_SCOPES
|
|
89
89
|
): void {
|
|
@@ -98,7 +98,7 @@ export function addScopes(
|
|
|
98
98
|
const requestScopes = addOidcScopes
|
|
99
99
|
? [...(scopes || []), ...defaultScopes]
|
|
100
100
|
: scopes || [];
|
|
101
|
-
const scopeSet = new ScopeSet(requestScopes);
|
|
101
|
+
const scopeSet = new ScopeSet(requestScopes, correlationId);
|
|
102
102
|
parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
|
|
103
103
|
}
|
|
104
104
|
|
|
@@ -205,12 +205,14 @@ export function addSid(parameters: Map<string, string>, sid: string): void {
|
|
|
205
205
|
* Adds claims to request parameters, conditionally excluding clientCapabilities
|
|
206
206
|
* when skipBrokerClaims is true and a brokered flow is in effect.
|
|
207
207
|
* @param parameters - The request parameters map
|
|
208
|
+
* @param correlationId - The request correlation id
|
|
208
209
|
* @param claims - The claims string from the request
|
|
209
210
|
* @param clientCapabilities - The client capabilities from configuration
|
|
210
211
|
* @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
|
|
211
212
|
*/
|
|
212
213
|
export function addClaims(
|
|
213
214
|
parameters: Map<string, string>,
|
|
215
|
+
correlationId: string,
|
|
214
216
|
claims?: string,
|
|
215
217
|
clientCapabilities?: Array<string>,
|
|
216
218
|
skipBrokerClaims?: boolean
|
|
@@ -221,23 +223,8 @@ export function addClaims(
|
|
|
221
223
|
? undefined
|
|
222
224
|
: clientCapabilities;
|
|
223
225
|
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
(configClaims && configClaims.length > 0)
|
|
227
|
-
) {
|
|
228
|
-
const mergedClaims = addClientCapabilitiesToClaims(
|
|
229
|
-
claims,
|
|
230
|
-
configClaims
|
|
231
|
-
);
|
|
232
|
-
try {
|
|
233
|
-
JSON.parse(mergedClaims);
|
|
234
|
-
} catch (e) {
|
|
235
|
-
throw createClientConfigurationError(
|
|
236
|
-
ClientConfigurationErrorCodes.invalidClaims
|
|
237
|
-
);
|
|
238
|
-
}
|
|
239
|
-
parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
|
|
240
|
-
}
|
|
226
|
+
const mergedClaims = buildMergedClaims(claims, configClaims, correlationId);
|
|
227
|
+
parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
|
|
241
228
|
}
|
|
242
229
|
|
|
243
230
|
/**
|
|
@@ -335,7 +322,8 @@ export function addCodeChallengeParams(
|
|
|
335
322
|
);
|
|
336
323
|
} else {
|
|
337
324
|
throw createClientConfigurationError(
|
|
338
|
-
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
325
|
+
ClientConfigurationErrorCodes.pkceParamsMissing,
|
|
326
|
+
""
|
|
339
327
|
);
|
|
340
328
|
}
|
|
341
329
|
}
|
|
@@ -493,9 +481,27 @@ export function addExtraParameters(
|
|
|
493
481
|
});
|
|
494
482
|
}
|
|
495
483
|
|
|
496
|
-
|
|
484
|
+
/**
|
|
485
|
+
* Default optional idToken claims requested on all auth requests.
|
|
486
|
+
* signin_state enables KMSI detection; login_hint enables login hint propagation.
|
|
487
|
+
*/
|
|
488
|
+
const DEFAULT_ID_TOKEN_CLAIMS: Record<string, { essential: false }> = {
|
|
489
|
+
[Constants.ClaimsRequestKeys.SIGNIN_STATE]: { essential: false },
|
|
490
|
+
[Constants.ClaimsRequestKeys.LOGIN_HINT]: { essential: false },
|
|
491
|
+
};
|
|
492
|
+
|
|
493
|
+
/**
|
|
494
|
+
* Parses claims JSON, merges default optional idToken claims (signin_state, login_hint),
|
|
495
|
+
* and appends client capabilities (xms_cc) to the access_token section.
|
|
496
|
+
* Does not overwrite idToken claims already specified by the caller.
|
|
497
|
+
* @param claims - Existing claims JSON string from the request (may be undefined)
|
|
498
|
+
* @param clientCapabilities - Client capabilities array from configuration
|
|
499
|
+
* @returns Merged claims JSON string
|
|
500
|
+
*/
|
|
501
|
+
export function buildMergedClaims(
|
|
497
502
|
claims?: string,
|
|
498
|
-
clientCapabilities?: Array<string
|
|
503
|
+
clientCapabilities?: Array<string>,
|
|
504
|
+
correlationId: string = ""
|
|
499
505
|
): string {
|
|
500
506
|
let mergedClaims: object;
|
|
501
507
|
|
|
@@ -504,17 +510,44 @@ export function addClientCapabilitiesToClaims(
|
|
|
504
510
|
mergedClaims = {};
|
|
505
511
|
} else {
|
|
506
512
|
try {
|
|
507
|
-
|
|
513
|
+
const parsed = JSON.parse(claims);
|
|
514
|
+
if (
|
|
515
|
+
typeof parsed !== "object" ||
|
|
516
|
+
parsed === null ||
|
|
517
|
+
Array.isArray(parsed)
|
|
518
|
+
) {
|
|
519
|
+
throw new Error("Claims must be a JSON object");
|
|
520
|
+
}
|
|
521
|
+
mergedClaims = parsed;
|
|
508
522
|
} catch (e) {
|
|
509
523
|
throw createClientConfigurationError(
|
|
510
|
-
ClientConfigurationErrorCodes.invalidClaims
|
|
524
|
+
ClientConfigurationErrorCodes.invalidClaims,
|
|
525
|
+
correlationId
|
|
511
526
|
);
|
|
512
527
|
}
|
|
513
528
|
}
|
|
514
529
|
|
|
530
|
+
// Add default optional idToken claims
|
|
531
|
+
if (
|
|
532
|
+
!Object.prototype.hasOwnProperty.call(
|
|
533
|
+
mergedClaims,
|
|
534
|
+
Constants.ClaimsRequestKeys.ID_TOKEN
|
|
535
|
+
)
|
|
536
|
+
) {
|
|
537
|
+
mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN] = {};
|
|
538
|
+
}
|
|
539
|
+
const idTokenClaims = mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN];
|
|
540
|
+
for (const [key, value] of Object.entries(DEFAULT_ID_TOKEN_CLAIMS)) {
|
|
541
|
+
if (!(key in idTokenClaims)) {
|
|
542
|
+
idTokenClaims[key] = value;
|
|
543
|
+
}
|
|
544
|
+
}
|
|
545
|
+
|
|
546
|
+
// Add client capabilities
|
|
515
547
|
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
516
548
|
if (
|
|
517
|
-
!
|
|
549
|
+
!Object.prototype.hasOwnProperty.call(
|
|
550
|
+
mergedClaims,
|
|
518
551
|
Constants.ClaimsRequestKeys.ACCESS_TOKEN
|
|
519
552
|
)
|
|
520
553
|
) {
|
|
@@ -597,24 +630,14 @@ export function addServerTelemetry(
|
|
|
597
630
|
parameters: Map<string, string>,
|
|
598
631
|
serverTelemetryManager: ServerTelemetryManager
|
|
599
632
|
): void {
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
currentTelemetryHeader
|
|
609
|
-
);
|
|
610
|
-
}
|
|
611
|
-
|
|
612
|
-
if (lastTelemetryHeader) {
|
|
613
|
-
parameters.set(
|
|
614
|
-
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
615
|
-
lastTelemetryHeader
|
|
616
|
-
);
|
|
617
|
-
}
|
|
633
|
+
parameters.set(
|
|
634
|
+
AADServerParamKeys.X_CLIENT_CURR_TELEM,
|
|
635
|
+
serverTelemetryManager.generateCurrentRequestHeaderValue()
|
|
636
|
+
);
|
|
637
|
+
parameters.set(
|
|
638
|
+
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
639
|
+
serverTelemetryManager.generateLastRequestHeaderValue()
|
|
640
|
+
);
|
|
618
641
|
}
|
|
619
642
|
|
|
620
643
|
/**
|
package/src/request/ScopeSet.ts
CHANGED
|
@@ -26,8 +26,10 @@ import {
|
|
|
26
26
|
export class ScopeSet {
|
|
27
27
|
// Scopes as a Set of strings
|
|
28
28
|
private scopes: Set<string>;
|
|
29
|
+
private correlationId: string;
|
|
29
30
|
|
|
30
|
-
constructor(inputScopes: Array<string
|
|
31
|
+
constructor(inputScopes: Array<string>, correlationId: string) {
|
|
32
|
+
this.correlationId = correlationId;
|
|
31
33
|
// Filter empty string and null/undefined array items
|
|
32
34
|
const scopeArr = inputScopes
|
|
33
35
|
? StringUtils.trimArrayEntries([...inputScopes])
|
|
@@ -39,7 +41,8 @@ export class ScopeSet {
|
|
|
39
41
|
// Check if scopes array has at least one member
|
|
40
42
|
if (!filteredInput || !filteredInput.length) {
|
|
41
43
|
throw createClientConfigurationError(
|
|
42
|
-
ClientConfigurationErrorCodes.emptyInputScopesError
|
|
44
|
+
ClientConfigurationErrorCodes.emptyInputScopesError,
|
|
45
|
+
correlationId
|
|
43
46
|
);
|
|
44
47
|
}
|
|
45
48
|
|
|
@@ -53,10 +56,13 @@ export class ScopeSet {
|
|
|
53
56
|
* @param appClientId
|
|
54
57
|
* @param scopesRequired
|
|
55
58
|
*/
|
|
56
|
-
static fromString(
|
|
59
|
+
static fromString(
|
|
60
|
+
inputScopeString: string,
|
|
61
|
+
correlationId: string
|
|
62
|
+
): ScopeSet {
|
|
57
63
|
const scopeString = inputScopeString || "";
|
|
58
64
|
const inputScopes: Array<string> = scopeString.split(" ");
|
|
59
|
-
return new ScopeSet(inputScopes);
|
|
65
|
+
return new ScopeSet(inputScopes, correlationId);
|
|
60
66
|
}
|
|
61
67
|
|
|
62
68
|
/**
|
|
@@ -64,14 +70,17 @@ export class ScopeSet {
|
|
|
64
70
|
* @param inputScopeString
|
|
65
71
|
* @returns
|
|
66
72
|
*/
|
|
67
|
-
static createSearchScopes(
|
|
73
|
+
static createSearchScopes(
|
|
74
|
+
inputScopeString: Array<string>,
|
|
75
|
+
correlationId: string
|
|
76
|
+
): ScopeSet {
|
|
68
77
|
// Handle empty scopes by using default OIDC scopes for cache lookup
|
|
69
78
|
const scopesToUse =
|
|
70
79
|
inputScopeString && inputScopeString.length > 0
|
|
71
80
|
? inputScopeString
|
|
72
81
|
: [...OIDC_DEFAULT_SCOPES];
|
|
73
82
|
|
|
74
|
-
const scopeSet = new ScopeSet(scopesToUse);
|
|
83
|
+
const scopeSet = new ScopeSet(scopesToUse, correlationId);
|
|
75
84
|
if (!scopeSet.containsOnlyOIDCScopes()) {
|
|
76
85
|
scopeSet.removeOIDCScopes();
|
|
77
86
|
} else {
|
|
@@ -87,7 +96,10 @@ export class ScopeSet {
|
|
|
87
96
|
*/
|
|
88
97
|
containsScope(scope: string): boolean {
|
|
89
98
|
const lowerCaseScopes = this.printScopesLowerCase().split(" ");
|
|
90
|
-
const lowerCaseScopesSet = new ScopeSet(
|
|
99
|
+
const lowerCaseScopesSet = new ScopeSet(
|
|
100
|
+
lowerCaseScopes,
|
|
101
|
+
this.correlationId
|
|
102
|
+
);
|
|
91
103
|
// compare lowercase scopes
|
|
92
104
|
return scope
|
|
93
105
|
? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
|
|
@@ -142,7 +154,8 @@ export class ScopeSet {
|
|
|
142
154
|
newScopes.forEach((newScope) => this.appendScope(newScope));
|
|
143
155
|
} catch (e) {
|
|
144
156
|
throw createClientAuthError(
|
|
145
|
-
ClientAuthErrorCodes.cannotAppendScopeSet
|
|
157
|
+
ClientAuthErrorCodes.cannotAppendScopeSet,
|
|
158
|
+
this.correlationId
|
|
146
159
|
);
|
|
147
160
|
}
|
|
148
161
|
}
|
|
@@ -154,7 +167,8 @@ export class ScopeSet {
|
|
|
154
167
|
removeScope(scope: string): void {
|
|
155
168
|
if (!scope) {
|
|
156
169
|
throw createClientAuthError(
|
|
157
|
-
ClientAuthErrorCodes.cannotRemoveEmptyScope
|
|
170
|
+
ClientAuthErrorCodes.cannotRemoveEmptyScope,
|
|
171
|
+
this.correlationId
|
|
158
172
|
);
|
|
159
173
|
}
|
|
160
174
|
this.scopes.delete(scope.trim());
|
|
@@ -177,7 +191,8 @@ export class ScopeSet {
|
|
|
177
191
|
unionScopeSets(otherScopes: ScopeSet): Set<string> {
|
|
178
192
|
if (!otherScopes) {
|
|
179
193
|
throw createClientAuthError(
|
|
180
|
-
ClientAuthErrorCodes.emptyInputScopeSet
|
|
194
|
+
ClientAuthErrorCodes.emptyInputScopeSet,
|
|
195
|
+
this.correlationId
|
|
181
196
|
);
|
|
182
197
|
}
|
|
183
198
|
const unionScopes = new Set<string>(); // Iterator in constructor not supported in IE11
|
|
@@ -195,7 +210,8 @@ export class ScopeSet {
|
|
|
195
210
|
intersectingScopeSets(otherScopes: ScopeSet): boolean {
|
|
196
211
|
if (!otherScopes) {
|
|
197
212
|
throw createClientAuthError(
|
|
198
|
-
ClientAuthErrorCodes.emptyInputScopeSet
|
|
213
|
+
ClientAuthErrorCodes.emptyInputScopeSet,
|
|
214
|
+
this.correlationId
|
|
199
215
|
);
|
|
200
216
|
}
|
|
201
217
|
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Response body returned by the IMDS compute metadata endpoint
|
|
8
|
+
* (http://169.254.169.254/metadata/instance/compute). Only the `location`
|
|
9
|
+
* field is used for region auto-discovery. `location` is optional because the
|
|
10
|
+
* IMDS response can legitimately omit it or return `null`.
|
|
11
|
+
*/
|
|
12
|
+
export type ImdsComputeResponse = {
|
|
13
|
+
location?: string;
|
|
14
|
+
};
|
|
@@ -8,11 +8,7 @@ import {
|
|
|
8
8
|
buildTenantProfile,
|
|
9
9
|
updateAccountTenantProfileData,
|
|
10
10
|
} from "../account/AccountInfo.js";
|
|
11
|
-
import {
|
|
12
|
-
checkMaxAge,
|
|
13
|
-
extractTokenClaims,
|
|
14
|
-
isKmsi,
|
|
15
|
-
} from "../account/AuthToken.js";
|
|
11
|
+
import { extractTokenClaims, isKmsi } from "../account/AuthToken.js";
|
|
16
12
|
import {
|
|
17
13
|
TokenClaims,
|
|
18
14
|
getTenantIdFromIdTokenClaims,
|
|
@@ -117,7 +113,8 @@ export class ResponseHandler {
|
|
|
117
113
|
? serverResponse.error_codes[0]
|
|
118
114
|
: undefined;
|
|
119
115
|
const serverError = new ServerError(
|
|
120
|
-
serverResponse.error,
|
|
116
|
+
serverResponse.error || "",
|
|
117
|
+
serverResponse.correlation_id || "",
|
|
121
118
|
errString,
|
|
122
119
|
serverResponse.suberror,
|
|
123
120
|
serverErrorNo,
|
|
@@ -164,12 +161,12 @@ export class ResponseHandler {
|
|
|
164
161
|
)
|
|
165
162
|
) {
|
|
166
163
|
throw new InteractionRequiredAuthError(
|
|
167
|
-
serverResponse.error,
|
|
164
|
+
serverResponse.error || "",
|
|
165
|
+
serverResponse.correlation_id || "",
|
|
168
166
|
serverResponse.error_description,
|
|
169
167
|
serverResponse.suberror,
|
|
170
168
|
serverResponse.timestamp || "",
|
|
171
169
|
serverResponse.trace_id || "",
|
|
172
|
-
serverResponse.correlation_id || "",
|
|
173
170
|
serverResponse.claims || "",
|
|
174
171
|
serverErrorNo
|
|
175
172
|
);
|
|
@@ -194,35 +191,26 @@ export class ResponseHandler {
|
|
|
194
191
|
userAssertionHash?: string,
|
|
195
192
|
handlingRefreshTokenResponse?: boolean,
|
|
196
193
|
forceCacheRefreshTokenResponse?: boolean,
|
|
197
|
-
serverRequestId?: string
|
|
194
|
+
serverRequestId?: string,
|
|
195
|
+
additionalCacheKeyComponents?: Record<string, string>
|
|
198
196
|
): Promise<AuthenticationResult> {
|
|
199
197
|
// create an idToken object (not entity)
|
|
200
198
|
let idTokenClaims: TokenClaims | undefined;
|
|
201
199
|
if (serverTokenResponse.id_token) {
|
|
202
200
|
idTokenClaims = extractTokenClaims(
|
|
203
201
|
serverTokenResponse.id_token || "",
|
|
204
|
-
this.cryptoObj.base64Decode
|
|
202
|
+
this.cryptoObj.base64Decode,
|
|
203
|
+
request.correlationId
|
|
205
204
|
);
|
|
206
205
|
|
|
207
206
|
// token nonce check (TODO: Add a warning if no nonce is given?)
|
|
208
207
|
if (authCodePayload && authCodePayload.nonce) {
|
|
209
208
|
if (idTokenClaims.nonce !== authCodePayload.nonce) {
|
|
210
209
|
throw createClientAuthError(
|
|
211
|
-
ClientAuthErrorCodes.nonceMismatch
|
|
212
|
-
|
|
213
|
-
}
|
|
214
|
-
}
|
|
215
|
-
|
|
216
|
-
// token max_age check
|
|
217
|
-
if (request.maxAge || request.maxAge === 0) {
|
|
218
|
-
const authTime = idTokenClaims.auth_time;
|
|
219
|
-
if (!authTime) {
|
|
220
|
-
throw createClientAuthError(
|
|
221
|
-
ClientAuthErrorCodes.authTimeNotFound
|
|
210
|
+
ClientAuthErrorCodes.nonceMismatch,
|
|
211
|
+
request.correlationId
|
|
222
212
|
);
|
|
223
213
|
}
|
|
224
|
-
|
|
225
|
-
checkMaxAge(authTime, request.maxAge);
|
|
226
214
|
}
|
|
227
215
|
}
|
|
228
216
|
|
|
@@ -241,7 +229,8 @@ export class ResponseHandler {
|
|
|
241
229
|
if (!!authCodePayload && !!authCodePayload.state) {
|
|
242
230
|
requestStateObj = ProtocolUtils.parseRequestState(
|
|
243
231
|
this.cryptoObj.base64Decode,
|
|
244
|
-
authCodePayload.state
|
|
232
|
+
authCodePayload.state,
|
|
233
|
+
request.correlationId
|
|
245
234
|
);
|
|
246
235
|
}
|
|
247
236
|
|
|
@@ -256,7 +245,8 @@ export class ResponseHandler {
|
|
|
256
245
|
request,
|
|
257
246
|
idTokenClaims,
|
|
258
247
|
userAssertionHash,
|
|
259
|
-
authCodePayload
|
|
248
|
+
authCodePayload,
|
|
249
|
+
additionalCacheKeyComponents
|
|
260
250
|
);
|
|
261
251
|
let cacheContext;
|
|
262
252
|
try {
|
|
@@ -363,12 +353,14 @@ export class ResponseHandler {
|
|
|
363
353
|
request: BaseAuthRequest,
|
|
364
354
|
idTokenClaims?: TokenClaims,
|
|
365
355
|
userAssertionHash?: string,
|
|
366
|
-
authCodePayload?: AuthorizationCodePayload
|
|
356
|
+
authCodePayload?: AuthorizationCodePayload,
|
|
357
|
+
additionalCacheKeyComponents?: Record<string, string>
|
|
367
358
|
): CacheRecord {
|
|
368
359
|
const env = authority.getPreferredCache();
|
|
369
360
|
if (!env) {
|
|
370
361
|
throw createClientAuthError(
|
|
371
|
-
ClientAuthErrorCodes.invalidCacheEnvironment
|
|
362
|
+
ClientAuthErrorCodes.invalidCacheEnvironment,
|
|
363
|
+
request.correlationId
|
|
372
364
|
);
|
|
373
365
|
}
|
|
374
366
|
|
|
@@ -408,8 +400,11 @@ export class ResponseHandler {
|
|
|
408
400
|
if (serverTokenResponse.access_token) {
|
|
409
401
|
// If scopes not returned in server response, use request scopes
|
|
410
402
|
const responseScopes = serverTokenResponse.scope
|
|
411
|
-
? ScopeSet.fromString(
|
|
412
|
-
|
|
403
|
+
? ScopeSet.fromString(
|
|
404
|
+
serverTokenResponse.scope,
|
|
405
|
+
request.correlationId
|
|
406
|
+
)
|
|
407
|
+
: new ScopeSet(request.scopes || [], request.correlationId);
|
|
413
408
|
|
|
414
409
|
/*
|
|
415
410
|
* Use timestamp calculated before request
|
|
@@ -446,10 +441,12 @@ export class ResponseHandler {
|
|
|
446
441
|
tokenExpirationSeconds,
|
|
447
442
|
extendedTokenExpirationSeconds,
|
|
448
443
|
this.cryptoObj.base64Decode,
|
|
444
|
+
request.correlationId,
|
|
449
445
|
refreshOnSeconds,
|
|
450
446
|
serverTokenResponse.token_type,
|
|
451
447
|
userAssertionHash,
|
|
452
|
-
serverTokenResponse.key_id
|
|
448
|
+
serverTokenResponse.key_id,
|
|
449
|
+
additionalCacheKeyComponents
|
|
453
450
|
);
|
|
454
451
|
// Set resource (to be used for MCP scenarios)
|
|
455
452
|
const resource = request.resource || null;
|
|
@@ -553,7 +550,8 @@ export class ResponseHandler {
|
|
|
553
550
|
|
|
554
551
|
if (!keyId) {
|
|
555
552
|
throw createClientAuthError(
|
|
556
|
-
ClientAuthErrorCodes.keyIdMissing
|
|
553
|
+
ClientAuthErrorCodes.keyIdMissing,
|
|
554
|
+
request.correlationId
|
|
557
555
|
);
|
|
558
556
|
}
|
|
559
557
|
|
|
@@ -566,7 +564,8 @@ export class ResponseHandler {
|
|
|
566
564
|
accessToken = cacheRecord.accessToken.secret;
|
|
567
565
|
}
|
|
568
566
|
responseScopes = ScopeSet.fromString(
|
|
569
|
-
cacheRecord.accessToken.target
|
|
567
|
+
cacheRecord.accessToken.target,
|
|
568
|
+
request.correlationId
|
|
570
569
|
).asArray();
|
|
571
570
|
// Access token expiresOn cached in seconds, converting to Date for AuthenticationResult
|
|
572
571
|
expiresOn = TimeUtils.toDateFromSeconds(
|
|
@@ -593,8 +592,20 @@ export class ResponseHandler {
|
|
|
593
592
|
|
|
594
593
|
// for hybrid + native bridge enablement, send back the native account Id
|
|
595
594
|
if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) {
|
|
595
|
+
// Set on deprecated top-level for downgrade compat
|
|
596
596
|
cacheRecord.account.nativeAccountId =
|
|
597
597
|
serverTokenResponse?.spa_accountid;
|
|
598
|
+
// Set on the matching tenant profile (source of truth)
|
|
599
|
+
const targetTenantId = tid || cacheRecord.account.realm;
|
|
600
|
+
if (cacheRecord.account.tenantProfiles) {
|
|
601
|
+
const matchingProfile = cacheRecord.account.tenantProfiles.find(
|
|
602
|
+
(tp) => tp.tenantId === targetTenantId
|
|
603
|
+
);
|
|
604
|
+
if (matchingProfile) {
|
|
605
|
+
matchingProfile.nativeAccountId =
|
|
606
|
+
serverTokenResponse.spa_accountid;
|
|
607
|
+
}
|
|
608
|
+
}
|
|
598
609
|
}
|
|
599
610
|
|
|
600
611
|
const accountInfo: AccountInfo | null = cacheRecord.account
|
|
@@ -692,6 +703,7 @@ export function buildAccountToCache(
|
|
|
692
703
|
nativeAccountId: nativeAccountId,
|
|
693
704
|
},
|
|
694
705
|
authority,
|
|
706
|
+
correlationId,
|
|
695
707
|
base64Decode
|
|
696
708
|
);
|
|
697
709
|
|
|
@@ -707,6 +719,7 @@ export function buildAccountToCache(
|
|
|
707
719
|
homeAccountId,
|
|
708
720
|
baseAccount.localAccountId,
|
|
709
721
|
tenantId,
|
|
722
|
+
nativeAccountId,
|
|
710
723
|
idTokenClaims
|
|
711
724
|
);
|
|
712
725
|
tenantProfiles.push(newTenantProfile);
|
|
@@ -31,6 +31,7 @@ export interface IPerformanceClient {
|
|
|
31
31
|
fields: { [key: string]: {} | undefined },
|
|
32
32
|
correlationId: string
|
|
33
33
|
): void;
|
|
34
|
+
addGlobalFields(fields: { [key: string]: {} | undefined }): void;
|
|
34
35
|
incrementFields(
|
|
35
36
|
fields: { [key: string]: number | undefined },
|
|
36
37
|
correlationId: string
|
|
@@ -279,6 +279,14 @@ export abstract class PerformanceClient implements IPerformanceClient {
|
|
|
279
279
|
protected logger: Logger;
|
|
280
280
|
protected callbacks: Map<string, PerformanceCallbackFunction>;
|
|
281
281
|
|
|
282
|
+
/**
|
|
283
|
+
* Fields stamped onto every event emitted by this client (e.g. previousLibraryVersion).
|
|
284
|
+
* Unlike addFields, these are not scoped to a single correlationId and persist for the
|
|
285
|
+
* lifetime of the client. Set imperatively after construction via addGlobalFields.
|
|
286
|
+
* @protected
|
|
287
|
+
*/
|
|
288
|
+
protected globalFields: { [key: string]: {} | undefined };
|
|
289
|
+
|
|
282
290
|
/**
|
|
283
291
|
* Multiple events with the same correlation id.
|
|
284
292
|
* @protected
|
|
@@ -320,6 +328,7 @@ export abstract class PerformanceClient implements IPerformanceClient {
|
|
|
320
328
|
this.authority = authority;
|
|
321
329
|
this.libraryName = libraryName;
|
|
322
330
|
this.libraryVersion = libraryVersion;
|
|
331
|
+
this.globalFields = {};
|
|
323
332
|
this.applicationTelemetry = applicationTelemetry;
|
|
324
333
|
this.clientId = clientId;
|
|
325
334
|
this.logger = logger;
|
|
@@ -507,6 +516,12 @@ export abstract class PerformanceClient implements IPerformanceClient {
|
|
|
507
516
|
incompleteSubsCount,
|
|
508
517
|
context,
|
|
509
518
|
logs: formattedLogs,
|
|
519
|
+
/*
|
|
520
|
+
* Global fields are spread last so they are always present on the
|
|
521
|
+
* emitted event and never overridden, even when registered after
|
|
522
|
+
* the measurement started.
|
|
523
|
+
*/
|
|
524
|
+
...this.globalFields,
|
|
510
525
|
};
|
|
511
526
|
if (account) {
|
|
512
527
|
finalEvent.accountType = getAccountType(account);
|
|
@@ -568,6 +583,19 @@ export abstract class PerformanceClient implements IPerformanceClient {
|
|
|
568
583
|
}
|
|
569
584
|
}
|
|
570
585
|
|
|
586
|
+
/**
|
|
587
|
+
* Saves fields to be emitted on every event measured by this client.
|
|
588
|
+
* Unlike addFields, these are not scoped to a single correlationId and persist for the
|
|
589
|
+
* lifetime of the client (e.g. previousLibraryVersion for upgrade/downgrade telemetry).
|
|
590
|
+
* @param fields
|
|
591
|
+
*/
|
|
592
|
+
addGlobalFields(fields: { [key: string]: {} | undefined }): void {
|
|
593
|
+
this.globalFields = {
|
|
594
|
+
...this.globalFields,
|
|
595
|
+
...fields,
|
|
596
|
+
};
|
|
597
|
+
}
|
|
598
|
+
|
|
571
599
|
/**
|
|
572
600
|
* Increment counters to be emitted when the measurements are flushed
|
|
573
601
|
* @param fields {string[]}
|