@azure/msal-node-extensions 1.5.16 → 1.5.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/bin/arm64/dpapi.node +0 -0
  2. package/bin/ia32/dpapi.node +0 -0
  3. package/bin/x64/dpapi.node +0 -0
  4. package/dist/Dpapi.mjs +1 -1
  5. package/dist/broker/NativeBrokerPlugin.d.ts +1 -0
  6. package/dist/broker/NativeBrokerPlugin.mjs +47 -23
  7. package/dist/broker/NativeBrokerPlugin.mjs.map +1 -1
  8. package/dist/error/NativeAuthError.mjs +1 -1
  9. package/dist/error/PersistenceError.mjs +1 -1
  10. package/dist/index.mjs +1 -1
  11. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
  12. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
  13. package/dist/lib/msal-common/dist/error/AuthError.mjs +2 -2
  14. package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
  15. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +2 -2
  16. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
  17. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +2 -2
  18. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  19. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +5 -4
  20. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
  21. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +6 -5
  22. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  23. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +2 -2
  24. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  25. package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
  26. package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
  27. package/dist/lib/msal-common/dist/logger/Logger.mjs +2 -2
  28. package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
  29. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
  30. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  31. package/dist/lib/msal-common/dist/utils/Constants.mjs +2 -2
  32. package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
  33. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
  34. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
  35. package/dist/lock/CrossPlatformLock.mjs +1 -1
  36. package/dist/packageMetadata.d.ts +1 -1
  37. package/dist/packageMetadata.mjs +2 -2
  38. package/dist/persistence/BasePersistence.mjs +1 -1
  39. package/dist/persistence/DataProtectionScope.mjs +1 -1
  40. package/dist/persistence/FilePersistence.mjs +1 -1
  41. package/dist/persistence/FilePersistenceWithDataProtection.mjs +1 -1
  42. package/dist/persistence/KeychainPersistence.mjs +1 -1
  43. package/dist/persistence/LibSecretPersistence.mjs +1 -1
  44. package/dist/persistence/PersistenceCachePlugin.mjs +1 -1
  45. package/dist/persistence/PersistenceCreator.mjs +1 -1
  46. package/dist/utils/Constants.mjs +1 -1
  47. package/dist/utils/Environment.mjs +1 -1
  48. package/dist/utils/TypeGuards.mjs +1 -1
  49. package/lib/msal-node-extensions.cjs +65 -39
  50. package/lib/msal-node-extensions.cjs.map +1 -1
  51. package/lib/types/broker/NativeBrokerPlugin.d.ts +1 -0
  52. package/lib/types/packageMetadata.d.ts +1 -1
  53. package/package.json +2 -2
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v1.5.16 2025-07-01 */
1
+ /*! @azure/msal-node-extensions v1.5.18 2025-07-23 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -343,7 +343,7 @@ class PersistenceCachePlugin {
343
343
  }
344
344
  }
345
345
 
346
- /*! @azure/msal-common v15.8.0 2025-07-01 */
346
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
347
347
  /*
348
348
  * Copyright (c) Microsoft Corporation. All rights reserved.
349
349
  * Licensed under the MIT License.
@@ -446,7 +446,7 @@ const CacheOutcome = {
446
446
  // When a token is found in the cache or the cache is not supposed to be hit when making the request
447
447
  NOT_APPLICABLE: "0"};
448
448
 
449
- /*! @azure/msal-common v15.8.0 2025-07-01 */
449
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
450
450
  /**
451
451
  * General error class thrown by the MSAL.js library.
452
452
  */
@@ -467,7 +467,7 @@ class AuthError extends Error {
467
467
  }
468
468
  }
469
469
 
470
- /*! @azure/msal-common v15.8.0 2025-07-01 */
470
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
471
471
  /*
472
472
  * Copyright (c) Microsoft Corporation. All rights reserved.
473
473
  * Licensed under the MIT License.
@@ -517,7 +517,7 @@ const missingTenantIdError = "missing_tenant_id_error";
517
517
  const methodNotImplemented = "method_not_implemented";
518
518
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
519
519
 
520
- /*! @azure/msal-common v15.8.0 2025-07-01 */
520
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
521
521
 
522
522
  /*
523
523
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -591,7 +591,7 @@ function createClientAuthError(errorCode, additionalMessage) {
591
591
  return new ClientAuthError(errorCode, additionalMessage);
592
592
  }
593
593
 
594
- /*! @azure/msal-common v15.8.0 2025-07-01 */
594
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
595
595
 
596
596
  /*
597
597
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -782,7 +782,7 @@ class Logger {
782
782
  }
783
783
  }
784
784
 
785
- /*! @azure/msal-common v15.8.0 2025-07-01 */
785
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
786
786
  /**
787
787
  * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
788
788
  * @param seconds
@@ -794,7 +794,7 @@ function toDateFromSeconds(seconds) {
794
794
  return new Date();
795
795
  }
796
796
 
797
- /*! @azure/msal-common v15.8.0 2025-07-01 */
797
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
798
798
  /*
799
799
  * Copyright (c) Microsoft Corporation. All rights reserved.
800
800
  * Licensed under the MIT License.
@@ -805,7 +805,6 @@ const authorityUriInsecure = "authority_uri_insecure";
805
805
  const urlParseError = "url_parse_error";
806
806
  const urlEmptyError = "empty_url_error";
807
807
  const emptyInputScopesError = "empty_input_scopes_error";
808
- const invalidPromptValue = "invalid_prompt_value";
809
808
  const invalidClaims = "invalid_claims";
810
809
  const tokenRequestEmpty = "token_request_empty";
811
810
  const logoutRequestEmpty = "logout_request_empty";
@@ -820,9 +819,11 @@ const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
820
819
  const invalidAuthenticationHeader = "invalid_authentication_header";
821
820
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
822
821
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
823
- const authorityMismatch = "authority_mismatch";
822
+ const authorityMismatch = "authority_mismatch";
823
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
824
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
824
825
 
825
- /*! @azure/msal-common v15.8.0 2025-07-01 */
826
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
826
827
 
827
828
  /*
828
829
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -835,7 +836,6 @@ const ClientConfigurationErrorMessages = {
835
836
  [urlParseError]: "URL could not be parsed into appropriate segments.",
836
837
  [urlEmptyError]: "URL was empty or null.",
837
838
  [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
838
- [invalidPromptValue]: "Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",
839
839
  [invalidClaims]: "Given claims parameter must be a stringified JSON object.",
840
840
  [tokenRequestEmpty]: "Token request was empty and not found in cache.",
841
841
  [logoutRequestEmpty]: "The logout request was null or undefined.",
@@ -851,6 +851,8 @@ const ClientConfigurationErrorMessages = {
851
851
  [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
852
852
  [cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
853
853
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
854
+ [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
855
+ [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
854
856
  };
855
857
  /**
856
858
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -866,10 +868,10 @@ function createClientConfigurationError(errorCode) {
866
868
  return new ClientConfigurationError(errorCode);
867
869
  }
868
870
 
869
- /*! @azure/msal-common v15.8.0 2025-07-01 */
871
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
870
872
  const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
871
873
 
872
- /*! @azure/msal-common v15.8.0 2025-07-01 */
874
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
873
875
 
874
876
  /*
875
877
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -888,7 +890,7 @@ class ServerError extends AuthError {
888
890
  }
889
891
  }
890
892
 
891
- /*! @azure/msal-common v15.8.0 2025-07-01 */
893
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
892
894
  /**
893
895
  * Error thrown when user interaction is required.
894
896
  */
@@ -905,7 +907,7 @@ class InteractionRequiredAuthError extends AuthError {
905
907
  }
906
908
  }
907
909
 
908
- /*! @azure/msal-common v15.8.0 2025-07-01 */
910
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
909
911
 
910
912
  /*
911
913
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1805,7 +1807,7 @@ class NativeAuthError extends AuthError {
1805
1807
 
1806
1808
  /* eslint-disable header/header */
1807
1809
  const name = "@azure/msal-node-extensions";
1808
- const version = "1.5.16";
1810
+ const version = "1.5.18";
1809
1811
 
1810
1812
  /*
1811
1813
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1932,8 +1934,11 @@ class NativeBrokerPlugin {
1932
1934
  }
1933
1935
  async acquireTokenSilent(request) {
1934
1936
  this.logger.trace("NativeBrokerPlugin - acquireTokenSilent called", request.correlationId);
1935
- const authParams = this.generateRequestParameters(request);
1936
- const account = await this.getAccount(request);
1937
+ const platformRequest = request;
1938
+ const authParams = this.generateRequestParameters(platformRequest);
1939
+ const account = await this.getAccount(platformRequest);
1940
+ platformRequest.redirectUri =
1941
+ this.chooseRedirectUriByPlatform(platformRequest);
1937
1942
  return new Promise((resolve, reject) => {
1938
1943
  const resultCallback = (result) => {
1939
1944
  try {
@@ -1946,15 +1951,15 @@ class NativeBrokerPlugin {
1946
1951
  return;
1947
1952
  }
1948
1953
  }
1949
- const authenticationResult = this.getAuthenticationResult(request, result);
1954
+ const authenticationResult = this.getAuthenticationResult(platformRequest, result);
1950
1955
  resolve(authenticationResult);
1951
1956
  };
1952
1957
  try {
1953
1958
  if (account) {
1954
- msalNodeRuntime.msalNodeRuntime.AcquireTokenSilentlyAsync(authParams, request.correlationId, account, resultCallback);
1959
+ msalNodeRuntime.msalNodeRuntime.AcquireTokenSilentlyAsync(authParams, platformRequest.correlationId, account, resultCallback);
1955
1960
  }
1956
1961
  else {
1957
- msalNodeRuntime.msalNodeRuntime.SignInSilentlyAsync(authParams, request.correlationId, resultCallback);
1962
+ msalNodeRuntime.msalNodeRuntime.SignInSilentlyAsync(authParams, platformRequest.correlationId, resultCallback);
1958
1963
  }
1959
1964
  }
1960
1965
  catch (e) {
@@ -1967,8 +1972,11 @@ class NativeBrokerPlugin {
1967
1972
  }
1968
1973
  async acquireTokenInteractive(request, providedWindowHandle) {
1969
1974
  this.logger.trace("NativeBrokerPlugin - acquireTokenInteractive called", request.correlationId);
1970
- const authParams = this.generateRequestParameters(request);
1971
- const account = await this.getAccount(request);
1975
+ const platformRequest = request;
1976
+ const authParams = this.generateRequestParameters(platformRequest);
1977
+ platformRequest.redirectUri =
1978
+ this.chooseRedirectUriByPlatform(platformRequest);
1979
+ const account = await this.getAccount(platformRequest);
1972
1980
  const windowHandle = providedWindowHandle || Buffer.from([0]);
1973
1981
  return new Promise((resolve, reject) => {
1974
1982
  const resultCallback = (result) => {
@@ -1982,37 +1990,39 @@ class NativeBrokerPlugin {
1982
1990
  return;
1983
1991
  }
1984
1992
  }
1985
- const authenticationResult = this.getAuthenticationResult(request, result);
1993
+ const authenticationResult = this.getAuthenticationResult(platformRequest, result);
1986
1994
  resolve(authenticationResult);
1987
1995
  };
1988
1996
  try {
1989
- switch (request.prompt) {
1997
+ switch (platformRequest.prompt) {
1990
1998
  case PromptValue.LOGIN:
1991
1999
  case PromptValue.SELECT_ACCOUNT:
1992
2000
  case PromptValue.CREATE:
1993
- this.logger.info("Calling native interop SignInInteractively API", request.correlationId);
1994
- const loginHint = request.loginHint || Constants.EMPTY_STRING;
1995
- msalNodeRuntime.msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, request.correlationId, loginHint, resultCallback);
2001
+ this.logger.info("Calling native interop SignInInteractively API", platformRequest.correlationId);
2002
+ const loginHint = platformRequest.loginHint ||
2003
+ Constants.EMPTY_STRING;
2004
+ msalNodeRuntime.msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
1996
2005
  break;
1997
2006
  case PromptValue.NONE:
1998
2007
  if (account) {
1999
- this.logger.info("Calling native interop AcquireTokenSilently API", request.correlationId);
2000
- msalNodeRuntime.msalNodeRuntime.AcquireTokenSilentlyAsync(authParams, request.correlationId, account, resultCallback);
2008
+ this.logger.info("Calling native interop AcquireTokenSilently API", platformRequest.correlationId);
2009
+ msalNodeRuntime.msalNodeRuntime.AcquireTokenSilentlyAsync(authParams, platformRequest.correlationId, account, resultCallback);
2001
2010
  }
2002
2011
  else {
2003
- this.logger.info("Calling native interop SignInSilently API", request.correlationId);
2004
- msalNodeRuntime.msalNodeRuntime.SignInSilentlyAsync(authParams, request.correlationId, resultCallback);
2012
+ this.logger.info("Calling native interop SignInSilently API", platformRequest.correlationId);
2013
+ msalNodeRuntime.msalNodeRuntime.SignInSilentlyAsync(authParams, platformRequest.correlationId, resultCallback);
2005
2014
  }
2006
2015
  break;
2007
2016
  default:
2008
2017
  if (account) {
2009
- this.logger.info("Calling native interop AcquireTokenInteractively API", request.correlationId);
2010
- msalNodeRuntime.msalNodeRuntime.AcquireTokenInteractivelyAsync(windowHandle, authParams, request.correlationId, account, resultCallback);
2018
+ this.logger.info("Calling native interop AcquireTokenInteractively API", platformRequest.correlationId);
2019
+ msalNodeRuntime.msalNodeRuntime.AcquireTokenInteractivelyAsync(windowHandle, authParams, platformRequest.correlationId, account, resultCallback);
2011
2020
  }
2012
2021
  else {
2013
- this.logger.info("Calling native interop SignIn API", request.correlationId);
2014
- const loginHint = request.loginHint || Constants.EMPTY_STRING;
2015
- msalNodeRuntime.msalNodeRuntime.SignInAsync(windowHandle, authParams, request.correlationId, loginHint, resultCallback);
2022
+ this.logger.info("Calling native interop SignIn API", platformRequest.correlationId);
2023
+ const loginHint = platformRequest.loginHint ||
2024
+ Constants.EMPTY_STRING;
2025
+ msalNodeRuntime.msalNodeRuntime.SignInAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
2016
2026
  }
2017
2027
  break;
2018
2028
  }
@@ -2095,7 +2105,7 @@ class NativeBrokerPlugin {
2095
2105
  const authParams = new msalNodeRuntime.msalNodeRuntime.AuthParameters();
2096
2106
  try {
2097
2107
  authParams.CreateAuthParameters(request.clientId, request.authority);
2098
- authParams.SetRedirectUri(request.redirectUri);
2108
+ authParams.SetRedirectUri(this.chooseRedirectUriByPlatform(request));
2099
2109
  authParams.SetRequestedScopes(request.scopes.join(" "));
2100
2110
  if (request.claims) {
2101
2111
  authParams.SetDecodedClaims(request.claims);
@@ -2132,6 +2142,22 @@ class NativeBrokerPlugin {
2132
2142
  }
2133
2143
  return authParams;
2134
2144
  }
2145
+ chooseRedirectUriByPlatform(request) {
2146
+ this.logger.trace("NativeBrokerPlugin - chooseRedirectUriByPlatform called", request.correlationId);
2147
+ let redirectUri;
2148
+ switch (process.platform) {
2149
+ case "darwin":
2150
+ redirectUri = "msauth.com.msauth.unsignedapp://auth";
2151
+ break;
2152
+ case "win32":
2153
+ redirectUri = `ms-appx-web://Microsoft.AAD.BrokerPlugin/${request.clientId}`;
2154
+ break;
2155
+ default:
2156
+ redirectUri =
2157
+ "https://login.microsoftonline.com/common/oauth2/nativeclient";
2158
+ }
2159
+ return redirectUri;
2160
+ }
2135
2161
  getAuthenticationResult(request, authResult) {
2136
2162
  this.logger.trace("NativeBrokerPlugin - getAuthenticationResult called", request.correlationId);
2137
2163
  let fromCache = false;