@azure/msal-node-extensions 1.5.24 → 5.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/arm64/dpapi.node +0 -0
- package/bin/ia32/dpapi.node +0 -0
- package/bin/x64/dpapi.node +0 -0
- package/dist/Dpapi.mjs +1 -1
- package/dist/Dpapi.mjs.map +1 -1
- package/dist/broker/NativeBrokerPlugin.mjs +30 -42
- package/dist/broker/NativeBrokerPlugin.mjs.map +1 -1
- package/dist/error/NativeAuthError.d.ts +1 -1
- package/dist/error/NativeAuthError.mjs +2 -3
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/PersistenceError.mjs +1 -1
- package/dist/error/PersistenceError.mjs.map +1 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.mjs +1 -2
- package/dist/index.mjs.map +1 -1
- package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
- package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/AuthError.mjs +16 -11
- package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +4 -56
- package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +4 -49
- package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +4 -30
- package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +4 -30
- package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +6 -7
- package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/logger/Logger.mjs +17 -23
- package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
- package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +29 -31
- package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/lib/msal-common/dist/utils/Constants.mjs +15 -79
- package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
- package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
- package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/lock/CrossPlatformLock.mjs +10 -10
- package/dist/lock/CrossPlatformLock.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/persistence/BasePersistence.mjs +1 -1
- package/dist/persistence/BasePersistence.mjs.map +1 -1
- package/dist/persistence/DataProtectionScope.mjs +1 -1
- package/dist/persistence/DataProtectionScope.mjs.map +1 -1
- package/dist/persistence/FilePersistence.mjs +5 -5
- package/dist/persistence/FilePersistence.mjs.map +1 -1
- package/dist/persistence/FilePersistenceWithDataProtection.mjs +2 -2
- package/dist/persistence/FilePersistenceWithDataProtection.mjs.map +1 -1
- package/dist/persistence/KeychainPersistence.mjs +1 -1
- package/dist/persistence/KeychainPersistence.mjs.map +1 -1
- package/dist/persistence/LibSecretPersistence.mjs +1 -1
- package/dist/persistence/LibSecretPersistence.mjs.map +1 -1
- package/dist/persistence/PersistenceCachePlugin.mjs +12 -12
- package/dist/persistence/PersistenceCachePlugin.mjs.map +1 -1
- package/dist/persistence/PersistenceCreator.mjs +1 -1
- package/dist/persistence/PersistenceCreator.mjs.map +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/Environment.mjs +1 -1
- package/dist/utils/Environment.mjs.map +1 -1
- package/dist/utils/TypeGuards.mjs +1 -1
- package/dist/utils/TypeGuards.mjs.map +1 -1
- package/lib/msal-node-extensions.cjs +180 -430
- package/lib/msal-node-extensions.cjs.map +1 -1
- package/lib/types/error/NativeAuthError.d.ts +1 -1
- package/lib/types/index.d.ts +0 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +86 -88
- package/dist/utils/StringUtils.d.ts +0 -8
- package/dist/utils/StringUtils.mjs +0 -32
- package/dist/utils/StringUtils.mjs.map +0 -1
- package/lib/types/utils/StringUtils.d.ts +0 -8
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions
|
|
1
|
+
/*! @azure/msal-node-extensions v5.0.0-alpha.0 2025-10-07 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -14,7 +14,7 @@ var _documentCurrentScript = typeof document !== 'undefined' ? document.currentS
|
|
|
14
14
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
15
15
|
* Licensed under the MIT License.
|
|
16
16
|
*/
|
|
17
|
-
const Constants
|
|
17
|
+
const Constants = {
|
|
18
18
|
/**
|
|
19
19
|
* An existing file was the target of an operation that required that the target not exist
|
|
20
20
|
*/
|
|
@@ -188,21 +188,21 @@ class CrossPlatformLock {
|
|
|
188
188
|
async lock() {
|
|
189
189
|
for (let tryCount = 0; tryCount < this.retryNumber; tryCount++) {
|
|
190
190
|
try {
|
|
191
|
-
this.logger.info(`Pid ${process$1.pid} trying to acquire lock
|
|
191
|
+
this.logger.info(`Pid ${process$1.pid} trying to acquire lock`, "");
|
|
192
192
|
this.lockFileHandle = await fs.promises.open(this.lockFilePath, "wx+");
|
|
193
|
-
this.logger.info(`Pid ${process$1.pid} acquired lock
|
|
193
|
+
this.logger.info(`Pid ${process$1.pid} acquired lock`, "");
|
|
194
194
|
await this.lockFileHandle.write(process$1.pid.toString());
|
|
195
195
|
return;
|
|
196
196
|
}
|
|
197
197
|
catch (err) {
|
|
198
198
|
if (isNodeError(err)) {
|
|
199
|
-
if (err.code === Constants
|
|
200
|
-
err.code === Constants
|
|
201
|
-
this.logger.info(err.message);
|
|
199
|
+
if (err.code === Constants.EEXIST_ERROR ||
|
|
200
|
+
err.code === Constants.EPERM_ERROR) {
|
|
201
|
+
this.logger.info(err.message, "");
|
|
202
202
|
await this.sleep(this.retryDelay);
|
|
203
203
|
}
|
|
204
204
|
else {
|
|
205
|
-
this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}
|
|
205
|
+
this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}`, "");
|
|
206
206
|
throw PersistenceError.createCrossPlatformLockError(err.message);
|
|
207
207
|
}
|
|
208
208
|
}
|
|
@@ -211,7 +211,7 @@ class CrossPlatformLock {
|
|
|
211
211
|
}
|
|
212
212
|
}
|
|
213
213
|
}
|
|
214
|
-
this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options
|
|
214
|
+
this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options`, "");
|
|
215
215
|
throw PersistenceError.createCrossPlatformLockError("Not able to acquire lock. Exceeded amount of retries set in options");
|
|
216
216
|
}
|
|
217
217
|
/**
|
|
@@ -223,19 +223,19 @@ class CrossPlatformLock {
|
|
|
223
223
|
// if we have a file handle to the .lockfile, delete lock file
|
|
224
224
|
await fs.promises.unlink(this.lockFilePath);
|
|
225
225
|
await this.lockFileHandle.close();
|
|
226
|
-
this.logger.info("lockfile deleted");
|
|
226
|
+
this.logger.info("lockfile deleted", "");
|
|
227
227
|
}
|
|
228
228
|
else {
|
|
229
|
-
this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted");
|
|
229
|
+
this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted", "");
|
|
230
230
|
}
|
|
231
231
|
}
|
|
232
232
|
catch (err) {
|
|
233
233
|
if (isNodeError(err)) {
|
|
234
|
-
if (err.code === Constants
|
|
235
|
-
this.logger.info("Tried to unlock but lockfile does not exist");
|
|
234
|
+
if (err.code === Constants.ENOENT_ERROR) {
|
|
235
|
+
this.logger.info("Tried to unlock but lockfile does not exist", "");
|
|
236
236
|
}
|
|
237
237
|
else {
|
|
238
|
-
this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}
|
|
238
|
+
this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}`, "");
|
|
239
239
|
throw PersistenceError.createCrossPlatformLockError(err.message);
|
|
240
240
|
}
|
|
241
241
|
}
|
|
@@ -289,17 +289,17 @@ class PersistenceCachePlugin {
|
|
|
289
289
|
* beforeCacheAccess() and afterCacheAccess().
|
|
290
290
|
*/
|
|
291
291
|
async beforeCacheAccess(cacheContext) {
|
|
292
|
-
this.logger.info("Executing before cache access");
|
|
292
|
+
this.logger.info("Executing before cache access", "");
|
|
293
293
|
const reloadNecessary = await this.persistence.reloadNecessary(this.lastSync);
|
|
294
294
|
if (!reloadNecessary && this.currentCache !== null) {
|
|
295
295
|
if (cacheContext.cacheHasChanged) {
|
|
296
|
-
this.logger.verbose("Cache context has changed");
|
|
296
|
+
this.logger.verbose("Cache context has changed", "");
|
|
297
297
|
await this.crossPlatformLock.lock();
|
|
298
298
|
}
|
|
299
299
|
return;
|
|
300
300
|
}
|
|
301
301
|
try {
|
|
302
|
-
this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}
|
|
302
|
+
this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`, "");
|
|
303
303
|
await this.crossPlatformLock.lock();
|
|
304
304
|
this.currentCache = await this.persistence.load();
|
|
305
305
|
this.lastSync = new Date().getTime();
|
|
@@ -307,17 +307,17 @@ class PersistenceCachePlugin {
|
|
|
307
307
|
cacheContext.tokenCache.deserialize(this.currentCache);
|
|
308
308
|
}
|
|
309
309
|
else {
|
|
310
|
-
this.logger.info("Cache empty.");
|
|
310
|
+
this.logger.info("Cache empty.", "");
|
|
311
311
|
}
|
|
312
|
-
this.logger.info(`Last sync time updated to: ${this.lastSync}
|
|
312
|
+
this.logger.info(`Last sync time updated to: ${this.lastSync}`, "");
|
|
313
313
|
}
|
|
314
314
|
finally {
|
|
315
315
|
if (!cacheContext.cacheHasChanged) {
|
|
316
316
|
await this.crossPlatformLock.unlock();
|
|
317
|
-
this.logger.info(`Pid ${process$1.pid} released lock
|
|
317
|
+
this.logger.info(`Pid ${process$1.pid} released lock`, "");
|
|
318
318
|
}
|
|
319
319
|
else {
|
|
320
|
-
this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock
|
|
320
|
+
this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock`, "");
|
|
321
321
|
}
|
|
322
322
|
}
|
|
323
323
|
}
|
|
@@ -325,139 +325,45 @@ class PersistenceCachePlugin {
|
|
|
325
325
|
* Writes to storage if MSAL in memory copy of cache has been changed.
|
|
326
326
|
*/
|
|
327
327
|
async afterCacheAccess(cacheContext) {
|
|
328
|
-
this.logger.info("Executing after cache access");
|
|
328
|
+
this.logger.info("Executing after cache access", "");
|
|
329
329
|
try {
|
|
330
330
|
if (cacheContext.cacheHasChanged) {
|
|
331
|
-
this.logger.info("Msal in-memory cache has changed. Writing changes to persistence");
|
|
331
|
+
this.logger.info("Msal in-memory cache has changed. Writing changes to persistence", "");
|
|
332
332
|
this.currentCache = cacheContext.tokenCache.serialize();
|
|
333
333
|
await this.persistence.save(this.currentCache);
|
|
334
334
|
}
|
|
335
335
|
else {
|
|
336
|
-
this.logger.info("Msal in-memory cache has not changed. Did not write to persistence");
|
|
336
|
+
this.logger.info("Msal in-memory cache has not changed. Did not write to persistence", "");
|
|
337
337
|
}
|
|
338
338
|
}
|
|
339
339
|
finally {
|
|
340
340
|
await this.crossPlatformLock.unlock();
|
|
341
|
-
this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock
|
|
341
|
+
this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock`, "");
|
|
342
342
|
}
|
|
343
343
|
}
|
|
344
344
|
}
|
|
345
345
|
|
|
346
|
-
/*! @azure/msal-common
|
|
346
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
347
347
|
/*
|
|
348
348
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
349
349
|
* Licensed under the MIT License.
|
|
350
350
|
*/
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
// default authority
|
|
355
|
-
DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/",
|
|
356
|
-
DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com",
|
|
357
|
-
DEFAULT_COMMON_TENANT: "common",
|
|
358
|
-
// ADFS String
|
|
359
|
-
ADFS: "adfs",
|
|
360
|
-
DSTS: "dstsv2",
|
|
361
|
-
// Default AAD Instance Discovery Endpoint
|
|
362
|
-
AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",
|
|
363
|
-
// CIAM URL
|
|
364
|
-
CIAM_AUTH_URL: ".ciamlogin.com",
|
|
365
|
-
AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com",
|
|
366
|
-
// Resource delimiter - used for certain cache entries
|
|
367
|
-
RESOURCE_DELIM: "|",
|
|
368
|
-
// Placeholder for non-existent account ids/objects
|
|
369
|
-
NO_ACCOUNT: "NO_ACCOUNT",
|
|
370
|
-
// Claims
|
|
371
|
-
CLAIMS: "claims",
|
|
372
|
-
// Consumer UTID
|
|
373
|
-
CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad",
|
|
374
|
-
// Default scopes
|
|
375
|
-
OPENID_SCOPE: "openid",
|
|
376
|
-
PROFILE_SCOPE: "profile",
|
|
377
|
-
OFFLINE_ACCESS_SCOPE: "offline_access",
|
|
378
|
-
EMAIL_SCOPE: "email",
|
|
379
|
-
CODE_GRANT_TYPE: "authorization_code",
|
|
380
|
-
RT_GRANT_TYPE: "refresh_token",
|
|
381
|
-
S256_CODE_CHALLENGE_METHOD: "S256",
|
|
382
|
-
URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
|
|
383
|
-
AUTHORIZATION_PENDING: "authorization_pending",
|
|
384
|
-
NOT_DEFINED: "not_defined",
|
|
385
|
-
EMPTY_STRING: "",
|
|
386
|
-
NOT_APPLICABLE: "N/A",
|
|
387
|
-
NOT_AVAILABLE: "Not Available",
|
|
388
|
-
FORWARD_SLASH: "/",
|
|
389
|
-
IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location",
|
|
390
|
-
IMDS_VERSION: "2020-06-01",
|
|
391
|
-
IMDS_TIMEOUT: 2000,
|
|
392
|
-
AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect",
|
|
393
|
-
REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com",
|
|
394
|
-
KNOWN_PUBLIC_CLOUDS: [
|
|
395
|
-
"login.microsoftonline.com",
|
|
396
|
-
"login.windows.net",
|
|
397
|
-
"login.microsoft.com",
|
|
398
|
-
"sts.windows.net",
|
|
399
|
-
],
|
|
400
|
-
SHR_NONCE_VALIDITY: 240,
|
|
401
|
-
INVALID_INSTANCE: "invalid_instance",
|
|
402
|
-
};
|
|
403
|
-
/**
|
|
404
|
-
* we considered making this "enum" in the request instead of string, however it looks like the allowed list of
|
|
405
|
-
* prompt values kept changing over past couple of years. There are some undocumented prompt values for some
|
|
406
|
-
* internal partners too, hence the choice of generic "string" type instead of the "enum"
|
|
407
|
-
*/
|
|
408
|
-
const PromptValue = {
|
|
409
|
-
LOGIN: "login",
|
|
410
|
-
SELECT_ACCOUNT: "select_account",
|
|
411
|
-
CONSENT: "consent",
|
|
412
|
-
NONE: "none",
|
|
413
|
-
CREATE: "create",
|
|
414
|
-
NO_SESSION: "no_session",
|
|
415
|
-
};
|
|
416
|
-
/**
|
|
417
|
-
* Separators used in cache
|
|
418
|
-
*/
|
|
419
|
-
const Separators = {
|
|
420
|
-
CACHE_KEY_SEPARATOR: "-"};
|
|
421
|
-
const SERVER_TELEM_CONSTANTS = {
|
|
422
|
-
SCHEMA_VERSION: 5,
|
|
423
|
-
MAX_LAST_HEADER_BYTES: 330,
|
|
424
|
-
MAX_CACHED_ERRORS: 50,
|
|
425
|
-
CACHE_KEY: "server-telemetry",
|
|
426
|
-
CATEGORY_SEPARATOR: "|",
|
|
427
|
-
VALUE_SEPARATOR: ",",
|
|
428
|
-
OVERFLOW_TRUE: "1",
|
|
429
|
-
OVERFLOW_FALSE: "0",
|
|
430
|
-
UNKNOWN_ERROR: "unknown_error",
|
|
431
|
-
};
|
|
432
|
-
/**
|
|
433
|
-
* Type of the authentication request
|
|
434
|
-
*/
|
|
435
|
-
const AuthenticationScheme = {
|
|
436
|
-
BEARER: "Bearer",
|
|
437
|
-
POP: "pop",
|
|
438
|
-
SSH: "ssh-cert",
|
|
439
|
-
};
|
|
440
|
-
/**
|
|
441
|
-
* Specifies the reason for fetching the access token from the identity provider
|
|
442
|
-
*/
|
|
443
|
-
const CacheOutcome = {
|
|
444
|
-
// When a token is found in the cache or the cache is not supposed to be hit when making the request
|
|
445
|
-
NOT_APPLICABLE: "0"};
|
|
446
|
-
|
|
447
|
-
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
351
|
+
function getDefaultErrorMessage(code) {
|
|
352
|
+
return `See https://aka.ms/msal.js.errors#${code} for details`;
|
|
353
|
+
}
|
|
448
354
|
/**
|
|
449
355
|
* General error class thrown by the MSAL.js library.
|
|
450
356
|
*/
|
|
451
357
|
class AuthError extends Error {
|
|
452
358
|
constructor(errorCode, errorMessage, suberror) {
|
|
453
|
-
const
|
|
454
|
-
?
|
|
455
|
-
|
|
359
|
+
const message = errorMessage ||
|
|
360
|
+
(errorCode ? getDefaultErrorMessage(errorCode) : "");
|
|
361
|
+
const errorString = message ? `${errorCode}: ${message}` : errorCode;
|
|
456
362
|
super(errorString);
|
|
457
363
|
Object.setPrototypeOf(this, AuthError.prototype);
|
|
458
|
-
this.errorCode = errorCode ||
|
|
459
|
-
this.errorMessage =
|
|
460
|
-
this.subError = suberror ||
|
|
364
|
+
this.errorCode = errorCode || "";
|
|
365
|
+
this.errorMessage = message || "";
|
|
366
|
+
this.subError = suberror || "";
|
|
461
367
|
this.name = "AuthError";
|
|
462
368
|
}
|
|
463
369
|
setCorrelationId(correlationId) {
|
|
@@ -465,57 +371,7 @@ class AuthError extends Error {
|
|
|
465
371
|
}
|
|
466
372
|
}
|
|
467
373
|
|
|
468
|
-
/*! @azure/msal-common
|
|
469
|
-
/*
|
|
470
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
471
|
-
* Licensed under the MIT License.
|
|
472
|
-
*/
|
|
473
|
-
const clientInfoDecodingError = "client_info_decoding_error";
|
|
474
|
-
const clientInfoEmptyError = "client_info_empty_error";
|
|
475
|
-
const tokenParsingError = "token_parsing_error";
|
|
476
|
-
const nullOrEmptyToken = "null_or_empty_token";
|
|
477
|
-
const endpointResolutionError = "endpoints_resolution_error";
|
|
478
|
-
const networkError = "network_error";
|
|
479
|
-
const openIdConfigError = "openid_config_error";
|
|
480
|
-
const hashNotDeserialized = "hash_not_deserialized";
|
|
481
|
-
const invalidState = "invalid_state";
|
|
482
|
-
const stateMismatch = "state_mismatch";
|
|
483
|
-
const stateNotFound = "state_not_found";
|
|
484
|
-
const nonceMismatch = "nonce_mismatch";
|
|
485
|
-
const authTimeNotFound = "auth_time_not_found";
|
|
486
|
-
const maxAgeTranspired = "max_age_transpired";
|
|
487
|
-
const multipleMatchingTokens = "multiple_matching_tokens";
|
|
488
|
-
const multipleMatchingAccounts = "multiple_matching_accounts";
|
|
489
|
-
const multipleMatchingAppMetadata = "multiple_matching_appMetadata";
|
|
490
|
-
const requestCannotBeMade = "request_cannot_be_made";
|
|
491
|
-
const cannotRemoveEmptyScope = "cannot_remove_empty_scope";
|
|
492
|
-
const cannotAppendScopeSet = "cannot_append_scopeset";
|
|
493
|
-
const emptyInputScopeSet = "empty_input_scopeset";
|
|
494
|
-
const deviceCodePollingCancelled = "device_code_polling_cancelled";
|
|
495
|
-
const deviceCodeExpired = "device_code_expired";
|
|
496
|
-
const deviceCodeUnknownError = "device_code_unknown_error";
|
|
497
|
-
const noAccountInSilentRequest = "no_account_in_silent_request";
|
|
498
|
-
const invalidCacheRecord = "invalid_cache_record";
|
|
499
|
-
const invalidCacheEnvironment = "invalid_cache_environment";
|
|
500
|
-
const noAccountFound = "no_account_found";
|
|
501
|
-
const noCryptoObject = "no_crypto_object";
|
|
502
|
-
const unexpectedCredentialType = "unexpected_credential_type";
|
|
503
|
-
const invalidAssertion = "invalid_assertion";
|
|
504
|
-
const invalidClientCredential = "invalid_client_credential";
|
|
505
|
-
const tokenRefreshRequired = "token_refresh_required";
|
|
506
|
-
const userTimeoutReached = "user_timeout_reached";
|
|
507
|
-
const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt";
|
|
508
|
-
const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response";
|
|
509
|
-
const bindingKeyNotRemoved = "binding_key_not_removed";
|
|
510
|
-
const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
|
|
511
|
-
const keyIdMissing = "key_id_missing";
|
|
512
|
-
const noNetworkConnectivity = "no_network_connectivity";
|
|
513
|
-
const userCanceled = "user_canceled";
|
|
514
|
-
const missingTenantIdError = "missing_tenant_id_error";
|
|
515
|
-
const methodNotImplemented = "method_not_implemented";
|
|
516
|
-
const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
|
|
517
|
-
|
|
518
|
-
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
374
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
519
375
|
|
|
520
376
|
/*
|
|
521
377
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -524,63 +380,12 @@ const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
|
|
|
524
380
|
/**
|
|
525
381
|
* ClientAuthErrorMessage class containing string constants used by error codes and messages.
|
|
526
382
|
*/
|
|
527
|
-
const ClientAuthErrorMessages = {
|
|
528
|
-
[clientInfoDecodingError]: "The client info could not be parsed/decoded correctly",
|
|
529
|
-
[clientInfoEmptyError]: "The client info was empty",
|
|
530
|
-
[tokenParsingError]: "Token cannot be parsed",
|
|
531
|
-
[nullOrEmptyToken]: "The token is null or empty",
|
|
532
|
-
[endpointResolutionError]: "Endpoints cannot be resolved",
|
|
533
|
-
[networkError]: "Network request failed",
|
|
534
|
-
[openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",
|
|
535
|
-
[hashNotDeserialized]: "The hash parameters could not be deserialized",
|
|
536
|
-
[invalidState]: "State was not the expected format",
|
|
537
|
-
[stateMismatch]: "State mismatch error",
|
|
538
|
-
[stateNotFound]: "State not found",
|
|
539
|
-
[nonceMismatch]: "Nonce mismatch error",
|
|
540
|
-
[authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." +
|
|
541
|
-
" auth_time is an optional claim and is not enabled by default - it must be enabled." +
|
|
542
|
-
" See https://aka.ms/msaljs/optional-claims for more information.",
|
|
543
|
-
[maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",
|
|
544
|
-
[multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " +
|
|
545
|
-
"Call AcquireToken again providing more requirements such as authority or account.",
|
|
546
|
-
[multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",
|
|
547
|
-
[multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",
|
|
548
|
-
[requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.",
|
|
549
|
-
[cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet",
|
|
550
|
-
[cannotAppendScopeSet]: "Cannot append ScopeSet",
|
|
551
|
-
[emptyInputScopeSet]: "Empty input ScopeSet cannot be processed",
|
|
552
|
-
[deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",
|
|
553
|
-
[deviceCodeExpired]: "Device code is expired.",
|
|
554
|
-
[deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.",
|
|
555
|
-
[noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information",
|
|
556
|
-
[invalidCacheRecord]: "Cache record object was null or undefined.",
|
|
557
|
-
[invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry",
|
|
558
|
-
[noAccountFound]: "No account found in cache for given key.",
|
|
559
|
-
[noCryptoObject]: "No crypto object detected.",
|
|
560
|
-
[unexpectedCredentialType]: "Unexpected credential type.",
|
|
561
|
-
[invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",
|
|
562
|
-
[invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",
|
|
563
|
-
[tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",
|
|
564
|
-
[userTimeoutReached]: "User defined timeout for device code polling reached",
|
|
565
|
-
[tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated",
|
|
566
|
-
[authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed",
|
|
567
|
-
[bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.",
|
|
568
|
-
[endSessionEndpointNotSupported]: "The provided authority does not support logout",
|
|
569
|
-
[keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",
|
|
570
|
-
[noNetworkConnectivity]: "No network connectivity. Check your internet connection.",
|
|
571
|
-
[userCanceled]: "User cancelled the flow.",
|
|
572
|
-
[missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
|
|
573
|
-
[methodNotImplemented]: "This method has not been implemented",
|
|
574
|
-
[nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled",
|
|
575
|
-
};
|
|
576
383
|
/**
|
|
577
384
|
* Error thrown when there is an error in the client code running on the browser.
|
|
578
385
|
*/
|
|
579
386
|
class ClientAuthError extends AuthError {
|
|
580
387
|
constructor(errorCode, additionalMessage) {
|
|
581
|
-
super(errorCode, additionalMessage
|
|
582
|
-
? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`
|
|
583
|
-
: ClientAuthErrorMessages[errorCode]);
|
|
388
|
+
super(errorCode, additionalMessage);
|
|
584
389
|
this.name = "ClientAuthError";
|
|
585
390
|
Object.setPrototypeOf(this, ClientAuthError.prototype);
|
|
586
391
|
}
|
|
@@ -589,8 +394,12 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
589
394
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
590
395
|
}
|
|
591
396
|
|
|
592
|
-
/*! @azure/msal-common
|
|
397
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
398
|
+
const noAccountFound = "no_account_found";
|
|
399
|
+
const noNetworkConnectivity = "no_network_connectivity";
|
|
400
|
+
const userCanceled = "user_canceled";
|
|
593
401
|
|
|
402
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
594
403
|
/*
|
|
595
404
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
596
405
|
* Licensed under the MIT License.
|
|
@@ -624,10 +433,8 @@ class Logger {
|
|
|
624
433
|
typeof setLoggerOptions.logLevel === "number"
|
|
625
434
|
? setLoggerOptions.logLevel
|
|
626
435
|
: LogLevel.Info;
|
|
627
|
-
this.
|
|
628
|
-
|
|
629
|
-
this.packageName = packageName || Constants.EMPTY_STRING;
|
|
630
|
-
this.packageVersion = packageVersion || Constants.EMPTY_STRING;
|
|
436
|
+
this.packageName = packageName || "";
|
|
437
|
+
this.packageVersion = packageVersion || "";
|
|
631
438
|
}
|
|
632
439
|
static createDefaultLoggerOptions() {
|
|
633
440
|
return {
|
|
@@ -641,12 +448,11 @@ class Logger {
|
|
|
641
448
|
/**
|
|
642
449
|
* Create new Logger with existing configurations.
|
|
643
450
|
*/
|
|
644
|
-
clone(packageName, packageVersion
|
|
451
|
+
clone(packageName, packageVersion) {
|
|
645
452
|
return new Logger({
|
|
646
453
|
loggerCallback: this.localCallback,
|
|
647
454
|
piiLoggingEnabled: this.piiLoggingEnabled,
|
|
648
455
|
logLevel: this.level,
|
|
649
|
-
correlationId: correlationId || this.correlationId,
|
|
650
456
|
}, packageName, packageVersion);
|
|
651
457
|
}
|
|
652
458
|
/**
|
|
@@ -659,9 +465,9 @@ class Logger {
|
|
|
659
465
|
}
|
|
660
466
|
const timestamp = new Date().toUTCString();
|
|
661
467
|
// Add correlationId to logs if set, correlationId provided on log messages take precedence
|
|
662
|
-
const logHeader = `[${timestamp}] : [${options.correlationId
|
|
468
|
+
const logHeader = `[${timestamp}] : [${options.correlationId}]`;
|
|
663
469
|
const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`;
|
|
664
|
-
// debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.
|
|
470
|
+
// debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.""}${options.context ? `:${options.context}` : Constants.""}`)(logMessage);
|
|
665
471
|
this.executeCallback(options.logLevel, log, options.containsPii || false);
|
|
666
472
|
}
|
|
667
473
|
/**
|
|
@@ -679,7 +485,7 @@ class Logger {
|
|
|
679
485
|
this.logMessage(message, {
|
|
680
486
|
logLevel: LogLevel.Error,
|
|
681
487
|
containsPii: false,
|
|
682
|
-
correlationId: correlationId
|
|
488
|
+
correlationId: correlationId,
|
|
683
489
|
});
|
|
684
490
|
}
|
|
685
491
|
/**
|
|
@@ -689,7 +495,7 @@ class Logger {
|
|
|
689
495
|
this.logMessage(message, {
|
|
690
496
|
logLevel: LogLevel.Error,
|
|
691
497
|
containsPii: true,
|
|
692
|
-
correlationId: correlationId
|
|
498
|
+
correlationId: correlationId,
|
|
693
499
|
});
|
|
694
500
|
}
|
|
695
501
|
/**
|
|
@@ -699,7 +505,7 @@ class Logger {
|
|
|
699
505
|
this.logMessage(message, {
|
|
700
506
|
logLevel: LogLevel.Warning,
|
|
701
507
|
containsPii: false,
|
|
702
|
-
correlationId: correlationId
|
|
508
|
+
correlationId: correlationId,
|
|
703
509
|
});
|
|
704
510
|
}
|
|
705
511
|
/**
|
|
@@ -709,7 +515,7 @@ class Logger {
|
|
|
709
515
|
this.logMessage(message, {
|
|
710
516
|
logLevel: LogLevel.Warning,
|
|
711
517
|
containsPii: true,
|
|
712
|
-
correlationId: correlationId
|
|
518
|
+
correlationId: correlationId,
|
|
713
519
|
});
|
|
714
520
|
}
|
|
715
521
|
/**
|
|
@@ -719,7 +525,7 @@ class Logger {
|
|
|
719
525
|
this.logMessage(message, {
|
|
720
526
|
logLevel: LogLevel.Info,
|
|
721
527
|
containsPii: false,
|
|
722
|
-
correlationId: correlationId
|
|
528
|
+
correlationId: correlationId,
|
|
723
529
|
});
|
|
724
530
|
}
|
|
725
531
|
/**
|
|
@@ -729,7 +535,7 @@ class Logger {
|
|
|
729
535
|
this.logMessage(message, {
|
|
730
536
|
logLevel: LogLevel.Info,
|
|
731
537
|
containsPii: true,
|
|
732
|
-
correlationId: correlationId
|
|
538
|
+
correlationId: correlationId,
|
|
733
539
|
});
|
|
734
540
|
}
|
|
735
541
|
/**
|
|
@@ -739,7 +545,7 @@ class Logger {
|
|
|
739
545
|
this.logMessage(message, {
|
|
740
546
|
logLevel: LogLevel.Verbose,
|
|
741
547
|
containsPii: false,
|
|
742
|
-
correlationId: correlationId
|
|
548
|
+
correlationId: correlationId,
|
|
743
549
|
});
|
|
744
550
|
}
|
|
745
551
|
/**
|
|
@@ -749,7 +555,7 @@ class Logger {
|
|
|
749
555
|
this.logMessage(message, {
|
|
750
556
|
logLevel: LogLevel.Verbose,
|
|
751
557
|
containsPii: true,
|
|
752
|
-
correlationId: correlationId
|
|
558
|
+
correlationId: correlationId,
|
|
753
559
|
});
|
|
754
560
|
}
|
|
755
561
|
/**
|
|
@@ -759,7 +565,7 @@ class Logger {
|
|
|
759
565
|
this.logMessage(message, {
|
|
760
566
|
logLevel: LogLevel.Trace,
|
|
761
567
|
containsPii: false,
|
|
762
|
-
correlationId: correlationId
|
|
568
|
+
correlationId: correlationId,
|
|
763
569
|
});
|
|
764
570
|
}
|
|
765
571
|
/**
|
|
@@ -769,7 +575,7 @@ class Logger {
|
|
|
769
575
|
this.logMessage(message, {
|
|
770
576
|
logLevel: LogLevel.Trace,
|
|
771
577
|
containsPii: true,
|
|
772
|
-
correlationId: correlationId
|
|
578
|
+
correlationId: correlationId,
|
|
773
579
|
});
|
|
774
580
|
}
|
|
775
581
|
/**
|
|
@@ -780,72 +586,55 @@ class Logger {
|
|
|
780
586
|
}
|
|
781
587
|
}
|
|
782
588
|
|
|
783
|
-
/*! @azure/msal-common
|
|
784
|
-
|
|
785
|
-
*
|
|
786
|
-
*
|
|
589
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
590
|
+
/**
|
|
591
|
+
* we considered making this "enum" in the request instead of string, however it looks like the allowed list of
|
|
592
|
+
* prompt values kept changing over past couple of years. There are some undocumented prompt values for some
|
|
593
|
+
* internal partners too, hence the choice of generic "string" type instead of the "enum"
|
|
787
594
|
*/
|
|
788
|
-
const
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
const
|
|
797
|
-
const
|
|
798
|
-
const
|
|
799
|
-
const
|
|
800
|
-
const
|
|
801
|
-
const
|
|
802
|
-
const
|
|
803
|
-
const
|
|
804
|
-
const
|
|
805
|
-
const
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
const
|
|
810
|
-
|
|
595
|
+
const PromptValue = {
|
|
596
|
+
LOGIN: "login",
|
|
597
|
+
SELECT_ACCOUNT: "select_account",
|
|
598
|
+
NONE: "none",
|
|
599
|
+
CREATE: "create"};
|
|
600
|
+
/**
|
|
601
|
+
* Separators used in cache
|
|
602
|
+
*/
|
|
603
|
+
const CACHE_KEY_SEPARATOR = "-";
|
|
604
|
+
const SERVER_TELEM_SCHEMA_VERSION = 5;
|
|
605
|
+
const SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,
|
|
606
|
+
const SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains
|
|
607
|
+
const SERVER_TELEM_CACHE_KEY = "server-telemetry";
|
|
608
|
+
const SERVER_TELEM_CATEGORY_SEPARATOR = "|";
|
|
609
|
+
const SERVER_TELEM_VALUE_SEPARATOR = ",";
|
|
610
|
+
const SERVER_TELEM_OVERFLOW_TRUE = "1";
|
|
611
|
+
const SERVER_TELEM_OVERFLOW_FALSE = "0";
|
|
612
|
+
const SERVER_TELEM_UNKNOWN_ERROR = "unknown_error";
|
|
613
|
+
/**
|
|
614
|
+
* Type of the authentication request
|
|
615
|
+
*/
|
|
616
|
+
const AuthenticationScheme = {
|
|
617
|
+
BEARER: "Bearer",
|
|
618
|
+
POP: "pop"};
|
|
619
|
+
/**
|
|
620
|
+
* Specifies the reason for fetching the access token from the identity provider
|
|
621
|
+
*/
|
|
622
|
+
const CacheOutcome = {
|
|
623
|
+
// When a token is found in the cache or the cache is not supposed to be hit when making the request
|
|
624
|
+
NOT_APPLICABLE: "0"};
|
|
811
625
|
|
|
812
|
-
/*! @azure/msal-common
|
|
626
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
813
627
|
|
|
814
628
|
/*
|
|
815
629
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
816
630
|
* Licensed under the MIT License.
|
|
817
631
|
*/
|
|
818
|
-
const ClientConfigurationErrorMessages = {
|
|
819
|
-
[redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.",
|
|
820
|
-
[claimsRequestParsingError]: "Could not parse the given claims request object.",
|
|
821
|
-
[authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",
|
|
822
|
-
[urlParseError]: "URL could not be parsed into appropriate segments.",
|
|
823
|
-
[urlEmptyError]: "URL was empty or null.",
|
|
824
|
-
[emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
|
|
825
|
-
[invalidClaims]: "Given claims parameter must be a stringified JSON object.",
|
|
826
|
-
[tokenRequestEmpty]: "Token request was empty and not found in cache.",
|
|
827
|
-
[logoutRequestEmpty]: "The logout request was null or undefined.",
|
|
828
|
-
[invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',
|
|
829
|
-
[pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",
|
|
830
|
-
[invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",
|
|
831
|
-
[invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",
|
|
832
|
-
[untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",
|
|
833
|
-
[missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",
|
|
834
|
-
[missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",
|
|
835
|
-
[missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",
|
|
836
|
-
[invalidAuthenticationHeader]: "Invalid authentication header provided",
|
|
837
|
-
[cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
|
|
838
|
-
[cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
|
|
839
|
-
[authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
|
|
840
|
-
[invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
|
|
841
|
-
[invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
|
|
842
|
-
};
|
|
843
632
|
/**
|
|
844
633
|
* Error thrown when there is an error in configuration of the MSAL.js library.
|
|
845
634
|
*/
|
|
846
635
|
class ClientConfigurationError extends AuthError {
|
|
847
636
|
constructor(errorCode) {
|
|
848
|
-
super(errorCode
|
|
637
|
+
super(errorCode);
|
|
849
638
|
this.name = "ClientConfigurationError";
|
|
850
639
|
Object.setPrototypeOf(this, ClientConfigurationError.prototype);
|
|
851
640
|
}
|
|
@@ -854,10 +643,13 @@ function createClientConfigurationError(errorCode) {
|
|
|
854
643
|
return new ClientConfigurationError(errorCode);
|
|
855
644
|
}
|
|
856
645
|
|
|
857
|
-
/*! @azure/msal-common
|
|
646
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
647
|
+
const untrustedAuthority = "untrusted_authority";
|
|
648
|
+
|
|
649
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
858
650
|
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
859
651
|
|
|
860
|
-
/*! @azure/msal-common
|
|
652
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
861
653
|
/**
|
|
862
654
|
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
863
655
|
* @param seconds
|
|
@@ -869,7 +661,7 @@ function toDateFromSeconds(seconds) {
|
|
|
869
661
|
return new Date();
|
|
870
662
|
}
|
|
871
663
|
|
|
872
|
-
/*! @azure/msal-common
|
|
664
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
873
665
|
|
|
874
666
|
/*
|
|
875
667
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -888,7 +680,7 @@ class ServerError extends AuthError {
|
|
|
888
680
|
}
|
|
889
681
|
}
|
|
890
682
|
|
|
891
|
-
/*! @azure/msal-common
|
|
683
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
892
684
|
/**
|
|
893
685
|
* Error thrown when user interaction is required.
|
|
894
686
|
*/
|
|
@@ -896,16 +688,16 @@ class InteractionRequiredAuthError extends AuthError {
|
|
|
896
688
|
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
897
689
|
super(errorCode, errorMessage, subError);
|
|
898
690
|
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
899
|
-
this.timestamp = timestamp ||
|
|
900
|
-
this.traceId = traceId ||
|
|
901
|
-
this.correlationId = correlationId ||
|
|
902
|
-
this.claims = claims ||
|
|
691
|
+
this.timestamp = timestamp || "";
|
|
692
|
+
this.traceId = traceId || "";
|
|
693
|
+
this.correlationId = correlationId || "";
|
|
694
|
+
this.claims = claims || "";
|
|
903
695
|
this.name = "InteractionRequiredAuthError";
|
|
904
696
|
this.errorNo = errorNo;
|
|
905
697
|
}
|
|
906
698
|
}
|
|
907
699
|
|
|
908
|
-
/*! @azure/msal-common
|
|
700
|
+
/*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
|
|
909
701
|
|
|
910
702
|
/*
|
|
911
703
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -956,34 +748,34 @@ class ServerTelemetryManager {
|
|
|
956
748
|
this.cacheManager = cacheManager;
|
|
957
749
|
this.apiId = telemetryRequest.apiId;
|
|
958
750
|
this.correlationId = telemetryRequest.correlationId;
|
|
959
|
-
this.wrapperSKU = telemetryRequest.wrapperSKU ||
|
|
960
|
-
this.wrapperVer = telemetryRequest.wrapperVer ||
|
|
751
|
+
this.wrapperSKU = telemetryRequest.wrapperSKU || "";
|
|
752
|
+
this.wrapperVer = telemetryRequest.wrapperVer || "";
|
|
961
753
|
this.telemetryCacheKey =
|
|
962
|
-
|
|
963
|
-
|
|
754
|
+
SERVER_TELEM_CACHE_KEY +
|
|
755
|
+
CACHE_KEY_SEPARATOR +
|
|
964
756
|
telemetryRequest.clientId;
|
|
965
757
|
}
|
|
966
758
|
/**
|
|
967
759
|
* API to add MSER Telemetry to request
|
|
968
760
|
*/
|
|
969
761
|
generateCurrentRequestHeaderValue() {
|
|
970
|
-
const request = `${this.apiId}${
|
|
762
|
+
const request = `${this.apiId}${SERVER_TELEM_VALUE_SEPARATOR}${this.cacheOutcome}`;
|
|
971
763
|
const platformFieldsArr = [this.wrapperSKU, this.wrapperVer];
|
|
972
764
|
const nativeBrokerErrorCode = this.getNativeBrokerErrorCode();
|
|
973
765
|
if (nativeBrokerErrorCode?.length) {
|
|
974
766
|
platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`);
|
|
975
767
|
}
|
|
976
|
-
const platformFields = platformFieldsArr.join(
|
|
768
|
+
const platformFields = platformFieldsArr.join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
977
769
|
const regionDiscoveryFields = this.getRegionDiscoveryFields();
|
|
978
770
|
const requestWithRegionDiscoveryFields = [
|
|
979
771
|
request,
|
|
980
772
|
regionDiscoveryFields,
|
|
981
|
-
].join(
|
|
773
|
+
].join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
982
774
|
return [
|
|
983
|
-
|
|
775
|
+
SERVER_TELEM_SCHEMA_VERSION,
|
|
984
776
|
requestWithRegionDiscoveryFields,
|
|
985
777
|
platformFields,
|
|
986
|
-
].join(
|
|
778
|
+
].join(SERVER_TELEM_CATEGORY_SEPARATOR);
|
|
987
779
|
}
|
|
988
780
|
/**
|
|
989
781
|
* API to add MSER Telemetry for the last failed request
|
|
@@ -993,23 +785,23 @@ class ServerTelemetryManager {
|
|
|
993
785
|
const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests);
|
|
994
786
|
const failedRequests = lastRequests.failedRequests
|
|
995
787
|
.slice(0, 2 * maxErrors)
|
|
996
|
-
.join(
|
|
788
|
+
.join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
997
789
|
const errors = lastRequests.errors
|
|
998
790
|
.slice(0, maxErrors)
|
|
999
|
-
.join(
|
|
791
|
+
.join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1000
792
|
const errorCount = lastRequests.errors.length;
|
|
1001
793
|
// Indicate whether this header contains all data or partial data
|
|
1002
794
|
const overflow = maxErrors < errorCount
|
|
1003
|
-
?
|
|
1004
|
-
:
|
|
1005
|
-
const platformFields = [errorCount, overflow].join(
|
|
795
|
+
? SERVER_TELEM_OVERFLOW_TRUE
|
|
796
|
+
: SERVER_TELEM_OVERFLOW_FALSE;
|
|
797
|
+
const platformFields = [errorCount, overflow].join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1006
798
|
return [
|
|
1007
|
-
|
|
799
|
+
SERVER_TELEM_SCHEMA_VERSION,
|
|
1008
800
|
lastRequests.cacheHits,
|
|
1009
801
|
failedRequests,
|
|
1010
802
|
errors,
|
|
1011
803
|
platformFields,
|
|
1012
|
-
].join(
|
|
804
|
+
].join(SERVER_TELEM_CATEGORY_SEPARATOR);
|
|
1013
805
|
}
|
|
1014
806
|
/**
|
|
1015
807
|
* API to cache token failures for MSER data capture
|
|
@@ -1018,7 +810,7 @@ class ServerTelemetryManager {
|
|
|
1018
810
|
cacheFailedRequest(error) {
|
|
1019
811
|
const lastRequests = this.getLastRequests();
|
|
1020
812
|
if (lastRequests.errors.length >=
|
|
1021
|
-
|
|
813
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
1022
814
|
// Remove a cached error to make room, first in first out
|
|
1023
815
|
lastRequests.failedRequests.shift(); // apiId
|
|
1024
816
|
lastRequests.failedRequests.shift(); // correlationId
|
|
@@ -1042,7 +834,7 @@ class ServerTelemetryManager {
|
|
|
1042
834
|
}
|
|
1043
835
|
}
|
|
1044
836
|
else {
|
|
1045
|
-
lastRequests.errors.push(
|
|
837
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
1046
838
|
}
|
|
1047
839
|
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
1048
840
|
return;
|
|
@@ -1065,7 +857,7 @@ class ServerTelemetryManager {
|
|
|
1065
857
|
errors: [],
|
|
1066
858
|
cacheHits: 0,
|
|
1067
859
|
};
|
|
1068
|
-
const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey);
|
|
860
|
+
const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey, this.correlationId);
|
|
1069
861
|
return lastRequests || initialValue;
|
|
1070
862
|
}
|
|
1071
863
|
/**
|
|
@@ -1100,18 +892,16 @@ class ServerTelemetryManager {
|
|
|
1100
892
|
const errorCount = serverTelemetryEntity.errors.length;
|
|
1101
893
|
for (i = 0; i < errorCount; i++) {
|
|
1102
894
|
// failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs
|
|
1103
|
-
const apiId = serverTelemetryEntity.failedRequests[2 * i] ||
|
|
1104
|
-
|
|
1105
|
-
const
|
|
1106
|
-
Constants.EMPTY_STRING;
|
|
1107
|
-
const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING;
|
|
895
|
+
const apiId = serverTelemetryEntity.failedRequests[2 * i] || "";
|
|
896
|
+
const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || "";
|
|
897
|
+
const errorCode = serverTelemetryEntity.errors[i] || "";
|
|
1108
898
|
// Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators
|
|
1109
899
|
dataSize +=
|
|
1110
900
|
apiId.toString().length +
|
|
1111
901
|
correlationId.toString().length +
|
|
1112
902
|
errorCode.length +
|
|
1113
903
|
3;
|
|
1114
|
-
if (dataSize <
|
|
904
|
+
if (dataSize < SERVER_TELEM_MAX_LAST_HEADER_BYTES) {
|
|
1115
905
|
// Adding this entry to the header would still keep header size below the limit
|
|
1116
906
|
maxErrors += 1;
|
|
1117
907
|
}
|
|
@@ -1128,9 +918,9 @@ class ServerTelemetryManager {
|
|
|
1128
918
|
*/
|
|
1129
919
|
getRegionDiscoveryFields() {
|
|
1130
920
|
const regionDiscoveryFields = [];
|
|
1131
|
-
regionDiscoveryFields.push(this.regionUsed ||
|
|
1132
|
-
regionDiscoveryFields.push(this.regionSource ||
|
|
1133
|
-
regionDiscoveryFields.push(this.regionOutcome ||
|
|
921
|
+
regionDiscoveryFields.push(this.regionUsed || "");
|
|
922
|
+
regionDiscoveryFields.push(this.regionSource || "");
|
|
923
|
+
regionDiscoveryFields.push(this.regionOutcome || "");
|
|
1134
924
|
return regionDiscoveryFields.join(",");
|
|
1135
925
|
}
|
|
1136
926
|
/**
|
|
@@ -1177,15 +967,15 @@ class BasePersistence {
|
|
|
1177
967
|
// We are using a different location for the test to avoid overriding the functional cache
|
|
1178
968
|
const persistenceValidator = await this.createForPersistenceValidation();
|
|
1179
969
|
try {
|
|
1180
|
-
await persistenceValidator.save(Constants
|
|
970
|
+
await persistenceValidator.save(Constants.PERSISTENCE_TEST_DATA);
|
|
1181
971
|
const retrievedDummyData = await persistenceValidator.load();
|
|
1182
972
|
if (!retrievedDummyData) {
|
|
1183
973
|
throw PersistenceError.createCachePersistenceError("Persistence check failed. Data was written but it could not be read. " +
|
|
1184
974
|
"Possible cause: on Linux, LibSecret is installed but D-Bus isn't running \
|
|
1185
975
|
because it cannot be started over SSH.");
|
|
1186
976
|
}
|
|
1187
|
-
if (retrievedDummyData !== Constants
|
|
1188
|
-
throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants
|
|
977
|
+
if (retrievedDummyData !== Constants.PERSISTENCE_TEST_DATA) {
|
|
978
|
+
throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants.PERSISTENCE_TEST_DATA} is different \
|
|
1189
979
|
from data read ${retrievedDummyData}`);
|
|
1190
980
|
}
|
|
1191
981
|
await persistenceValidator.delete();
|
|
@@ -1278,9 +1068,9 @@ class FilePersistence extends BasePersistence {
|
|
|
1278
1068
|
}
|
|
1279
1069
|
catch (err) {
|
|
1280
1070
|
if (isNodeError(err)) {
|
|
1281
|
-
if (err.code === Constants
|
|
1071
|
+
if (err.code === Constants.ENOENT_ERROR) {
|
|
1282
1072
|
// file does not exist, so it was not deleted
|
|
1283
|
-
this.logger.warning("Cache file does not exist, so it could not be deleted");
|
|
1073
|
+
this.logger.warning("Cache file does not exist, so it could not be deleted", "");
|
|
1284
1074
|
return false;
|
|
1285
1075
|
}
|
|
1286
1076
|
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
@@ -1319,9 +1109,9 @@ class FilePersistence extends BasePersistence {
|
|
|
1319
1109
|
}
|
|
1320
1110
|
catch (err) {
|
|
1321
1111
|
if (isNodeError(err)) {
|
|
1322
|
-
if (err.code === Constants
|
|
1112
|
+
if (err.code === Constants.ENOENT_ERROR) {
|
|
1323
1113
|
// file does not exist, so it's never been modified
|
|
1324
|
-
this.logger.verbose("Cache file does not exist");
|
|
1114
|
+
this.logger.verbose("Cache file does not exist", "");
|
|
1325
1115
|
return 0;
|
|
1326
1116
|
}
|
|
1327
1117
|
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
@@ -1336,7 +1126,7 @@ class FilePersistence extends BasePersistence {
|
|
|
1336
1126
|
// File is created only if it does not exist
|
|
1337
1127
|
const fileHandle = await fs.promises.open(this.filePath, "a");
|
|
1338
1128
|
await fileHandle.close();
|
|
1339
|
-
this.logger.info(`File created at ${this.filePath}
|
|
1129
|
+
this.logger.info(`File created at ${this.filePath}`, "");
|
|
1340
1130
|
}
|
|
1341
1131
|
async createFileDirectory() {
|
|
1342
1132
|
try {
|
|
@@ -1344,8 +1134,8 @@ class FilePersistence extends BasePersistence {
|
|
|
1344
1134
|
}
|
|
1345
1135
|
catch (err) {
|
|
1346
1136
|
if (isNodeError(err)) {
|
|
1347
|
-
if (err.code === Constants
|
|
1348
|
-
this.logger.info(`Directory ${path.dirname(this.filePath)} already exists
|
|
1137
|
+
if (err.code === Constants.EEXIST_ERROR) {
|
|
1138
|
+
this.logger.info(`Directory ${path.dirname(this.filePath)} already exists`, "");
|
|
1349
1139
|
}
|
|
1350
1140
|
else {
|
|
1351
1141
|
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
@@ -1456,7 +1246,7 @@ class FilePersistenceWithDataProtection extends BasePersistence {
|
|
|
1456
1246
|
0 === encryptedContents.length) {
|
|
1457
1247
|
this.filePersistence
|
|
1458
1248
|
.getLogger()
|
|
1459
|
-
.info("Encrypted contents loaded from file were null or empty");
|
|
1249
|
+
.info("Encrypted contents loaded from file were null or empty", "");
|
|
1460
1250
|
return null;
|
|
1461
1251
|
}
|
|
1462
1252
|
return Dpapi.unprotectData(encryptedContents, this.optionalEntropy, this.scope.toString()).toString();
|
|
@@ -1653,19 +1443,19 @@ class LibSecretPersistence extends BasePersistence {
|
|
|
1653
1443
|
*/
|
|
1654
1444
|
class Environment {
|
|
1655
1445
|
static get homeEnvVar() {
|
|
1656
|
-
return this.getEnvironmentVariable(Constants
|
|
1446
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.HOME);
|
|
1657
1447
|
}
|
|
1658
1448
|
static get lognameEnvVar() {
|
|
1659
|
-
return this.getEnvironmentVariable(Constants
|
|
1449
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOGNAME);
|
|
1660
1450
|
}
|
|
1661
1451
|
static get userEnvVar() {
|
|
1662
|
-
return this.getEnvironmentVariable(Constants
|
|
1452
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.USER);
|
|
1663
1453
|
}
|
|
1664
1454
|
static get lnameEnvVar() {
|
|
1665
|
-
return this.getEnvironmentVariable(Constants
|
|
1455
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LNAME);
|
|
1666
1456
|
}
|
|
1667
1457
|
static get usernameEnvVar() {
|
|
1668
|
-
return this.getEnvironmentVariable(Constants
|
|
1458
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.USERNAME);
|
|
1669
1459
|
}
|
|
1670
1460
|
static getEnvironmentVariable(name) {
|
|
1671
1461
|
return process.env[name] || "";
|
|
@@ -1686,7 +1476,7 @@ class Environment {
|
|
|
1686
1476
|
if (typeof process.getuid !== "function") {
|
|
1687
1477
|
return false;
|
|
1688
1478
|
}
|
|
1689
|
-
return process.getuid() === Constants
|
|
1479
|
+
return process.getuid() === Constants.LINUX_ROOT_USER_GUID;
|
|
1690
1480
|
}
|
|
1691
1481
|
static getUserRootDirectory() {
|
|
1692
1482
|
return !this.isWindowsPlatform()
|
|
@@ -1694,7 +1484,7 @@ class Environment {
|
|
|
1694
1484
|
: this.getUserHomeDirOnWindows();
|
|
1695
1485
|
}
|
|
1696
1486
|
static getUserHomeDirOnWindows() {
|
|
1697
|
-
return this.getEnvironmentVariable(Constants
|
|
1487
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOCAL_APPLICATION_DATA);
|
|
1698
1488
|
}
|
|
1699
1489
|
static getUserHomeDirOnUnix() {
|
|
1700
1490
|
if (this.isWindowsPlatform()) {
|
|
@@ -1789,34 +1579,6 @@ class PersistenceCreator {
|
|
|
1789
1579
|
}
|
|
1790
1580
|
}
|
|
1791
1581
|
|
|
1792
|
-
/*
|
|
1793
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1794
|
-
* Licensed under the MIT License.
|
|
1795
|
-
*/
|
|
1796
|
-
class StringUtils {
|
|
1797
|
-
/**
|
|
1798
|
-
* Converts a numeric tag to a string representation
|
|
1799
|
-
* @param tag - The numeric tag to convert
|
|
1800
|
-
* @returns The string representation of the tag
|
|
1801
|
-
*/
|
|
1802
|
-
static tagToString(tag) {
|
|
1803
|
-
if (tag === 0) {
|
|
1804
|
-
return "UNTAG";
|
|
1805
|
-
}
|
|
1806
|
-
const tagSymbolSpace = "abcdefghijklmnopqrstuvwxyz0123456789****************************";
|
|
1807
|
-
let tagBuffer = "*****";
|
|
1808
|
-
const chars = [
|
|
1809
|
-
tagSymbolSpace[(tag >> 24) & 0x3f],
|
|
1810
|
-
tagSymbolSpace[(tag >> 18) & 0x3f],
|
|
1811
|
-
tagSymbolSpace[(tag >> 12) & 0x3f],
|
|
1812
|
-
tagSymbolSpace[(tag >> 6) & 0x3f],
|
|
1813
|
-
tagSymbolSpace[(tag >> 0) & 0x3f],
|
|
1814
|
-
];
|
|
1815
|
-
tagBuffer = chars.join("");
|
|
1816
|
-
return tagBuffer;
|
|
1817
|
-
}
|
|
1818
|
-
}
|
|
1819
|
-
|
|
1820
1582
|
/*
|
|
1821
1583
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1822
1584
|
* Licensed under the MIT License.
|
|
@@ -1826,14 +1588,14 @@ class NativeAuthError extends AuthError {
|
|
|
1826
1588
|
super(errorStatus, errorContext);
|
|
1827
1589
|
this.name = "NativeAuthError";
|
|
1828
1590
|
this.statusCode = errorCode;
|
|
1829
|
-
this.tag =
|
|
1591
|
+
this.tag = errorTag;
|
|
1830
1592
|
Object.setPrototypeOf(this, NativeAuthError.prototype);
|
|
1831
1593
|
}
|
|
1832
1594
|
}
|
|
1833
1595
|
|
|
1834
1596
|
/* eslint-disable header/header */
|
|
1835
1597
|
const name = "@azure/msal-node-extensions";
|
|
1836
|
-
const version = "
|
|
1598
|
+
const version = "5.0.0-alpha.0";
|
|
1837
1599
|
|
|
1838
1600
|
/*
|
|
1839
1601
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1852,62 +1614,62 @@ class NativeBrokerPlugin {
|
|
|
1852
1614
|
}
|
|
1853
1615
|
setLogger(loggerOptions) {
|
|
1854
1616
|
this.logger = new Logger(loggerOptions, name, version);
|
|
1855
|
-
const logCallback = (message, logLevel, containsPii) => {
|
|
1617
|
+
const logCallback = (message, logLevel, containsPii, correlationId = "") => {
|
|
1856
1618
|
switch (logLevel) {
|
|
1857
1619
|
case msalNodeRuntime.LogLevel.Trace:
|
|
1858
1620
|
if (containsPii) {
|
|
1859
|
-
this.logger.tracePii(message);
|
|
1621
|
+
this.logger.tracePii(message, correlationId);
|
|
1860
1622
|
}
|
|
1861
1623
|
else {
|
|
1862
|
-
this.logger.trace(message);
|
|
1624
|
+
this.logger.trace(message, correlationId);
|
|
1863
1625
|
}
|
|
1864
1626
|
break;
|
|
1865
1627
|
case msalNodeRuntime.LogLevel.Debug:
|
|
1866
1628
|
if (containsPii) {
|
|
1867
|
-
this.logger.tracePii(message);
|
|
1629
|
+
this.logger.tracePii(message, correlationId);
|
|
1868
1630
|
}
|
|
1869
1631
|
else {
|
|
1870
|
-
this.logger.trace(message);
|
|
1632
|
+
this.logger.trace(message, correlationId);
|
|
1871
1633
|
}
|
|
1872
1634
|
break;
|
|
1873
1635
|
case msalNodeRuntime.LogLevel.Info:
|
|
1874
1636
|
if (containsPii) {
|
|
1875
|
-
this.logger.infoPii(message);
|
|
1637
|
+
this.logger.infoPii(message, correlationId);
|
|
1876
1638
|
}
|
|
1877
1639
|
else {
|
|
1878
|
-
this.logger.info(message);
|
|
1640
|
+
this.logger.info(message, correlationId);
|
|
1879
1641
|
}
|
|
1880
1642
|
break;
|
|
1881
1643
|
case msalNodeRuntime.LogLevel.Warning:
|
|
1882
1644
|
if (containsPii) {
|
|
1883
|
-
this.logger.warningPii(message);
|
|
1645
|
+
this.logger.warningPii(message, correlationId);
|
|
1884
1646
|
}
|
|
1885
1647
|
else {
|
|
1886
|
-
this.logger.warning(message);
|
|
1648
|
+
this.logger.warning(message, correlationId);
|
|
1887
1649
|
}
|
|
1888
1650
|
break;
|
|
1889
1651
|
case msalNodeRuntime.LogLevel.Error:
|
|
1890
1652
|
if (containsPii) {
|
|
1891
|
-
this.logger.errorPii(message);
|
|
1653
|
+
this.logger.errorPii(message, correlationId);
|
|
1892
1654
|
}
|
|
1893
1655
|
else {
|
|
1894
|
-
this.logger.error(message);
|
|
1656
|
+
this.logger.error(message, correlationId);
|
|
1895
1657
|
}
|
|
1896
1658
|
break;
|
|
1897
1659
|
case msalNodeRuntime.LogLevel.Fatal:
|
|
1898
1660
|
if (containsPii) {
|
|
1899
|
-
this.logger.errorPii(message);
|
|
1661
|
+
this.logger.errorPii(message, correlationId);
|
|
1900
1662
|
}
|
|
1901
1663
|
else {
|
|
1902
|
-
this.logger.error(message);
|
|
1664
|
+
this.logger.error(message, correlationId);
|
|
1903
1665
|
}
|
|
1904
1666
|
break;
|
|
1905
1667
|
default:
|
|
1906
1668
|
if (containsPii) {
|
|
1907
|
-
this.logger.infoPii(message);
|
|
1669
|
+
this.logger.infoPii(message, correlationId);
|
|
1908
1670
|
}
|
|
1909
1671
|
else {
|
|
1910
|
-
this.logger.info(message);
|
|
1672
|
+
this.logger.info(message, correlationId);
|
|
1911
1673
|
}
|
|
1912
1674
|
break;
|
|
1913
1675
|
}
|
|
@@ -1961,13 +1723,10 @@ class NativeBrokerPlugin {
|
|
|
1961
1723
|
async acquireTokenSilent(request) {
|
|
1962
1724
|
this.logger.trace("NativeBrokerPlugin - acquireTokenSilent called", request.correlationId);
|
|
1963
1725
|
const platformRequest = request;
|
|
1964
|
-
if (!platformRequest.redirectUri) {
|
|
1965
|
-
platformRequest.redirectUri =
|
|
1966
|
-
this.chooseRedirectUriByPlatform(platformRequest);
|
|
1967
|
-
this.logger.info("NativeBrokerPlugin - No Redirect URI provided, using default", platformRequest.correlationId);
|
|
1968
|
-
}
|
|
1969
1726
|
const authParams = this.generateRequestParameters(platformRequest);
|
|
1970
1727
|
const account = await this.getAccount(platformRequest);
|
|
1728
|
+
platformRequest.redirectUri =
|
|
1729
|
+
this.chooseRedirectUriByPlatform(platformRequest);
|
|
1971
1730
|
return new Promise((resolve, reject) => {
|
|
1972
1731
|
const resultCallback = (result) => {
|
|
1973
1732
|
try {
|
|
@@ -2002,12 +1761,9 @@ class NativeBrokerPlugin {
|
|
|
2002
1761
|
async acquireTokenInteractive(request, providedWindowHandle) {
|
|
2003
1762
|
this.logger.trace("NativeBrokerPlugin - acquireTokenInteractive called", request.correlationId);
|
|
2004
1763
|
const platformRequest = request;
|
|
2005
|
-
if (!platformRequest.redirectUri) {
|
|
2006
|
-
platformRequest.redirectUri =
|
|
2007
|
-
this.chooseRedirectUriByPlatform(platformRequest);
|
|
2008
|
-
this.logger.info("NativeBrokerPlugin - No Redirect URI provided, using default", platformRequest.correlationId);
|
|
2009
|
-
}
|
|
2010
1764
|
const authParams = this.generateRequestParameters(platformRequest);
|
|
1765
|
+
platformRequest.redirectUri =
|
|
1766
|
+
this.chooseRedirectUriByPlatform(platformRequest);
|
|
2011
1767
|
const account = await this.getAccount(platformRequest);
|
|
2012
1768
|
const windowHandle = providedWindowHandle || Buffer.from([0]);
|
|
2013
1769
|
return new Promise((resolve, reject) => {
|
|
@@ -2031,8 +1787,7 @@ class NativeBrokerPlugin {
|
|
|
2031
1787
|
case PromptValue.SELECT_ACCOUNT:
|
|
2032
1788
|
case PromptValue.CREATE:
|
|
2033
1789
|
this.logger.info("Calling native interop SignInInteractively API", platformRequest.correlationId);
|
|
2034
|
-
const loginHint = platformRequest.loginHint ||
|
|
2035
|
-
Constants.EMPTY_STRING;
|
|
1790
|
+
const loginHint = platformRequest.loginHint || "";
|
|
2036
1791
|
msalNodeRuntime.msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
|
|
2037
1792
|
break;
|
|
2038
1793
|
case PromptValue.NONE:
|
|
@@ -2052,8 +1807,7 @@ class NativeBrokerPlugin {
|
|
|
2052
1807
|
}
|
|
2053
1808
|
else {
|
|
2054
1809
|
this.logger.info("Calling native interop SignIn API", platformRequest.correlationId);
|
|
2055
|
-
const loginHint = platformRequest.loginHint ||
|
|
2056
|
-
Constants.EMPTY_STRING;
|
|
1810
|
+
const loginHint = platformRequest.loginHint || "";
|
|
2057
1811
|
msalNodeRuntime.msalNodeRuntime.SignInAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
|
|
2058
1812
|
}
|
|
2059
1813
|
break;
|
|
@@ -2137,12 +1891,13 @@ class NativeBrokerPlugin {
|
|
|
2137
1891
|
const authParams = new msalNodeRuntime.msalNodeRuntime.AuthParameters();
|
|
2138
1892
|
try {
|
|
2139
1893
|
authParams.CreateAuthParameters(request.clientId, request.authority);
|
|
2140
|
-
authParams.SetRedirectUri(request
|
|
1894
|
+
authParams.SetRedirectUri(this.chooseRedirectUriByPlatform(request));
|
|
2141
1895
|
authParams.SetRequestedScopes(request.scopes.join(" "));
|
|
2142
1896
|
if (request.claims) {
|
|
2143
1897
|
authParams.SetDecodedClaims(request.claims);
|
|
2144
1898
|
}
|
|
2145
|
-
if (request.authenticationScheme ===
|
|
1899
|
+
if (request.authenticationScheme ===
|
|
1900
|
+
AuthenticationScheme.POP) {
|
|
2146
1901
|
if (!request.resourceRequestMethod ||
|
|
2147
1902
|
!request.resourceRequestUri) {
|
|
2148
1903
|
throw new Error("Authentication Scheme set to POP but one or more of the following parameters are missing: resourceRequestMethod, resourceRequestUri");
|
|
@@ -2233,12 +1988,12 @@ class NativeBrokerPlugin {
|
|
|
2233
1988
|
expiresOn: toDateFromSeconds(authResult.expiresOn),
|
|
2234
1989
|
tokenType: tokenType,
|
|
2235
1990
|
correlationId: request.correlationId,
|
|
2236
|
-
|
|
1991
|
+
fromPlatformBroker: true,
|
|
2237
1992
|
};
|
|
2238
1993
|
return result;
|
|
2239
1994
|
}
|
|
2240
1995
|
generateAccountInfo(account, idTokenClaims) {
|
|
2241
|
-
this.logger.trace("NativeBrokerPlugin - generateAccountInfo called");
|
|
1996
|
+
this.logger.trace("NativeBrokerPlugin - generateAccountInfo called", "");
|
|
2242
1997
|
const accountInfo = {
|
|
2243
1998
|
homeAccountId: account.homeAccountId,
|
|
2244
1999
|
environment: account.environment,
|
|
@@ -2262,14 +2017,10 @@ class NativeBrokerPlugin {
|
|
|
2262
2017
|
typeof error === "object" &&
|
|
2263
2018
|
this.isMsalRuntimeError(error)) {
|
|
2264
2019
|
const { errorCode, errorStatus, errorContext, errorTag } = error;
|
|
2265
|
-
const tagString = StringUtils.tagToString(errorTag);
|
|
2266
|
-
const enhancedErrorContext = errorContext
|
|
2267
|
-
? `${errorContext} (Error Code: ${errorCode}, Tag: ${tagString})`
|
|
2268
|
-
: `(Error Code: ${errorCode}, Tag: ${tagString})`;
|
|
2269
2020
|
switch (errorStatus) {
|
|
2270
2021
|
case msalNodeRuntime.ErrorStatus.InteractionRequired:
|
|
2271
2022
|
case msalNodeRuntime.ErrorStatus.AccountUnusable:
|
|
2272
|
-
return new InteractionRequiredAuthError(ErrorCodes.INTERATION_REQUIRED_ERROR_CODE,
|
|
2023
|
+
return new InteractionRequiredAuthError(ErrorCodes.INTERATION_REQUIRED_ERROR_CODE, errorContext);
|
|
2273
2024
|
case msalNodeRuntime.ErrorStatus.NoNetwork:
|
|
2274
2025
|
case msalNodeRuntime.ErrorStatus.NetworkTemporarilyUnavailable:
|
|
2275
2026
|
return createClientAuthError(noNetworkConnectivity);
|
|
@@ -2285,7 +2036,7 @@ class NativeBrokerPlugin {
|
|
|
2285
2036
|
case msalNodeRuntime.ErrorStatus.AccountNotFound:
|
|
2286
2037
|
return createClientAuthError(noAccountFound);
|
|
2287
2038
|
default:
|
|
2288
|
-
return new NativeAuthError(msalNodeRuntime.ErrorStatus[errorStatus],
|
|
2039
|
+
return new NativeAuthError(msalNodeRuntime.ErrorStatus[errorStatus], errorContext, errorCode, errorTag);
|
|
2289
2040
|
}
|
|
2290
2041
|
}
|
|
2291
2042
|
throw error;
|
|
@@ -2301,5 +2052,4 @@ exports.LibSecretPersistence = LibSecretPersistence;
|
|
|
2301
2052
|
exports.NativeBrokerPlugin = NativeBrokerPlugin;
|
|
2302
2053
|
exports.PersistenceCachePlugin = PersistenceCachePlugin;
|
|
2303
2054
|
exports.PersistenceCreator = PersistenceCreator;
|
|
2304
|
-
exports.StringUtils = StringUtils;
|
|
2305
2055
|
//# sourceMappingURL=msal-node-extensions.cjs.map
|