@azure/msal-node-extensions 1.5.26 → 5.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/arm64/dpapi.node +0 -0
- package/bin/ia32/dpapi.node +0 -0
- package/bin/x64/dpapi.node +0 -0
- package/dist/Dpapi.mjs +1 -1
- package/dist/broker/NativeBrokerPlugin.mjs +24 -25
- package/dist/broker/NativeBrokerPlugin.mjs.map +1 -1
- package/dist/error/PersistenceError.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
- package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/AuthError.mjs +16 -11
- package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +4 -57
- package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +3 -48
- package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +4 -31
- package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +4 -31
- package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +6 -7
- package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs +4 -3
- package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/logger/Logger.mjs +91 -23
- package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
- package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +29 -31
- package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/lib/msal-common/dist/utils/Constants.mjs +15 -79
- package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
- package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
- package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/lock/CrossPlatformLock.mjs +10 -10
- package/dist/lock/CrossPlatformLock.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/persistence/BasePersistence.mjs +1 -1
- package/dist/persistence/DataProtectionScope.mjs +1 -1
- package/dist/persistence/FilePersistence.mjs +5 -5
- package/dist/persistence/FilePersistence.mjs.map +1 -1
- package/dist/persistence/FilePersistenceWithDataProtection.mjs +2 -2
- package/dist/persistence/FilePersistenceWithDataProtection.mjs.map +1 -1
- package/dist/persistence/KeychainPersistence.mjs +1 -1
- package/dist/persistence/LibSecretPersistence.mjs +1 -1
- package/dist/persistence/PersistenceCachePlugin.mjs +12 -12
- package/dist/persistence/PersistenceCachePlugin.mjs.map +1 -1
- package/dist/persistence/PersistenceCreator.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/Environment.mjs +1 -1
- package/dist/utils/TypeGuards.mjs +1 -1
- package/lib/msal-node-extensions.cjs +259 -398
- package/lib/msal-node-extensions.cjs.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +4 -6
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions
|
|
1
|
+
/*! @azure/msal-node-extensions v5.0.0-beta.0 2025-12-05 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -14,7 +14,7 @@ var _documentCurrentScript = typeof document !== 'undefined' ? document.currentS
|
|
|
14
14
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
15
15
|
* Licensed under the MIT License.
|
|
16
16
|
*/
|
|
17
|
-
const Constants
|
|
17
|
+
const Constants = {
|
|
18
18
|
/**
|
|
19
19
|
* An existing file was the target of an operation that required that the target not exist
|
|
20
20
|
*/
|
|
@@ -188,21 +188,21 @@ class CrossPlatformLock {
|
|
|
188
188
|
async lock() {
|
|
189
189
|
for (let tryCount = 0; tryCount < this.retryNumber; tryCount++) {
|
|
190
190
|
try {
|
|
191
|
-
this.logger.info(`Pid ${process$1.pid} trying to acquire lock
|
|
191
|
+
this.logger.info(`Pid ${process$1.pid} trying to acquire lock`, "");
|
|
192
192
|
this.lockFileHandle = await fs.promises.open(this.lockFilePath, "wx+");
|
|
193
|
-
this.logger.info(`Pid ${process$1.pid} acquired lock
|
|
193
|
+
this.logger.info(`Pid ${process$1.pid} acquired lock`, "");
|
|
194
194
|
await this.lockFileHandle.write(process$1.pid.toString());
|
|
195
195
|
return;
|
|
196
196
|
}
|
|
197
197
|
catch (err) {
|
|
198
198
|
if (isNodeError(err)) {
|
|
199
|
-
if (err.code === Constants
|
|
200
|
-
err.code === Constants
|
|
201
|
-
this.logger.info(err.message);
|
|
199
|
+
if (err.code === Constants.EEXIST_ERROR ||
|
|
200
|
+
err.code === Constants.EPERM_ERROR) {
|
|
201
|
+
this.logger.info(err.message, "");
|
|
202
202
|
await this.sleep(this.retryDelay);
|
|
203
203
|
}
|
|
204
204
|
else {
|
|
205
|
-
this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}
|
|
205
|
+
this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}`, "");
|
|
206
206
|
throw PersistenceError.createCrossPlatformLockError(err.message);
|
|
207
207
|
}
|
|
208
208
|
}
|
|
@@ -211,7 +211,7 @@ class CrossPlatformLock {
|
|
|
211
211
|
}
|
|
212
212
|
}
|
|
213
213
|
}
|
|
214
|
-
this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options
|
|
214
|
+
this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options`, "");
|
|
215
215
|
throw PersistenceError.createCrossPlatformLockError("Not able to acquire lock. Exceeded amount of retries set in options");
|
|
216
216
|
}
|
|
217
217
|
/**
|
|
@@ -223,19 +223,19 @@ class CrossPlatformLock {
|
|
|
223
223
|
// if we have a file handle to the .lockfile, delete lock file
|
|
224
224
|
await fs.promises.unlink(this.lockFilePath);
|
|
225
225
|
await this.lockFileHandle.close();
|
|
226
|
-
this.logger.info("lockfile deleted");
|
|
226
|
+
this.logger.info("lockfile deleted", "");
|
|
227
227
|
}
|
|
228
228
|
else {
|
|
229
|
-
this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted");
|
|
229
|
+
this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted", "");
|
|
230
230
|
}
|
|
231
231
|
}
|
|
232
232
|
catch (err) {
|
|
233
233
|
if (isNodeError(err)) {
|
|
234
|
-
if (err.code === Constants
|
|
235
|
-
this.logger.info("Tried to unlock but lockfile does not exist");
|
|
234
|
+
if (err.code === Constants.ENOENT_ERROR) {
|
|
235
|
+
this.logger.info("Tried to unlock but lockfile does not exist", "");
|
|
236
236
|
}
|
|
237
237
|
else {
|
|
238
|
-
this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}
|
|
238
|
+
this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}`, "");
|
|
239
239
|
throw PersistenceError.createCrossPlatformLockError(err.message);
|
|
240
240
|
}
|
|
241
241
|
}
|
|
@@ -289,17 +289,17 @@ class PersistenceCachePlugin {
|
|
|
289
289
|
* beforeCacheAccess() and afterCacheAccess().
|
|
290
290
|
*/
|
|
291
291
|
async beforeCacheAccess(cacheContext) {
|
|
292
|
-
this.logger.info("Executing before cache access");
|
|
292
|
+
this.logger.info("Executing before cache access", "");
|
|
293
293
|
const reloadNecessary = await this.persistence.reloadNecessary(this.lastSync);
|
|
294
294
|
if (!reloadNecessary && this.currentCache !== null) {
|
|
295
295
|
if (cacheContext.cacheHasChanged) {
|
|
296
|
-
this.logger.verbose("Cache context has changed");
|
|
296
|
+
this.logger.verbose("Cache context has changed", "");
|
|
297
297
|
await this.crossPlatformLock.lock();
|
|
298
298
|
}
|
|
299
299
|
return;
|
|
300
300
|
}
|
|
301
301
|
try {
|
|
302
|
-
this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}
|
|
302
|
+
this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`, "");
|
|
303
303
|
await this.crossPlatformLock.lock();
|
|
304
304
|
this.currentCache = await this.persistence.load();
|
|
305
305
|
this.lastSync = new Date().getTime();
|
|
@@ -307,17 +307,17 @@ class PersistenceCachePlugin {
|
|
|
307
307
|
cacheContext.tokenCache.deserialize(this.currentCache);
|
|
308
308
|
}
|
|
309
309
|
else {
|
|
310
|
-
this.logger.info("Cache empty.");
|
|
310
|
+
this.logger.info("Cache empty.", "");
|
|
311
311
|
}
|
|
312
|
-
this.logger.info(`Last sync time updated to: ${this.lastSync}
|
|
312
|
+
this.logger.info(`Last sync time updated to: ${this.lastSync}`, "");
|
|
313
313
|
}
|
|
314
314
|
finally {
|
|
315
315
|
if (!cacheContext.cacheHasChanged) {
|
|
316
316
|
await this.crossPlatformLock.unlock();
|
|
317
|
-
this.logger.info(`Pid ${process$1.pid} released lock
|
|
317
|
+
this.logger.info(`Pid ${process$1.pid} released lock`, "");
|
|
318
318
|
}
|
|
319
319
|
else {
|
|
320
|
-
this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock
|
|
320
|
+
this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock`, "");
|
|
321
321
|
}
|
|
322
322
|
}
|
|
323
323
|
}
|
|
@@ -325,81 +325,25 @@ class PersistenceCachePlugin {
|
|
|
325
325
|
* Writes to storage if MSAL in memory copy of cache has been changed.
|
|
326
326
|
*/
|
|
327
327
|
async afterCacheAccess(cacheContext) {
|
|
328
|
-
this.logger.info("Executing after cache access");
|
|
328
|
+
this.logger.info("Executing after cache access", "");
|
|
329
329
|
try {
|
|
330
330
|
if (cacheContext.cacheHasChanged) {
|
|
331
|
-
this.logger.info("Msal in-memory cache has changed. Writing changes to persistence");
|
|
331
|
+
this.logger.info("Msal in-memory cache has changed. Writing changes to persistence", "");
|
|
332
332
|
this.currentCache = cacheContext.tokenCache.serialize();
|
|
333
333
|
await this.persistence.save(this.currentCache);
|
|
334
334
|
}
|
|
335
335
|
else {
|
|
336
|
-
this.logger.info("Msal in-memory cache has not changed. Did not write to persistence");
|
|
336
|
+
this.logger.info("Msal in-memory cache has not changed. Did not write to persistence", "");
|
|
337
337
|
}
|
|
338
338
|
}
|
|
339
339
|
finally {
|
|
340
340
|
await this.crossPlatformLock.unlock();
|
|
341
|
-
this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock
|
|
341
|
+
this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock`, "");
|
|
342
342
|
}
|
|
343
343
|
}
|
|
344
344
|
}
|
|
345
345
|
|
|
346
|
-
/*! @azure/msal-common
|
|
347
|
-
/*
|
|
348
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
349
|
-
* Licensed under the MIT License.
|
|
350
|
-
*/
|
|
351
|
-
const Constants = {
|
|
352
|
-
LIBRARY_NAME: "MSAL.JS",
|
|
353
|
-
SKU: "msal.js.common",
|
|
354
|
-
// default authority
|
|
355
|
-
DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/",
|
|
356
|
-
DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com",
|
|
357
|
-
DEFAULT_COMMON_TENANT: "common",
|
|
358
|
-
// ADFS String
|
|
359
|
-
ADFS: "adfs",
|
|
360
|
-
DSTS: "dstsv2",
|
|
361
|
-
// Default AAD Instance Discovery Endpoint
|
|
362
|
-
AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",
|
|
363
|
-
// CIAM URL
|
|
364
|
-
CIAM_AUTH_URL: ".ciamlogin.com",
|
|
365
|
-
AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com",
|
|
366
|
-
// Resource delimiter - used for certain cache entries
|
|
367
|
-
RESOURCE_DELIM: "|",
|
|
368
|
-
// Placeholder for non-existent account ids/objects
|
|
369
|
-
NO_ACCOUNT: "NO_ACCOUNT",
|
|
370
|
-
// Claims
|
|
371
|
-
CLAIMS: "claims",
|
|
372
|
-
// Consumer UTID
|
|
373
|
-
CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad",
|
|
374
|
-
// Default scopes
|
|
375
|
-
OPENID_SCOPE: "openid",
|
|
376
|
-
PROFILE_SCOPE: "profile",
|
|
377
|
-
OFFLINE_ACCESS_SCOPE: "offline_access",
|
|
378
|
-
EMAIL_SCOPE: "email",
|
|
379
|
-
CODE_GRANT_TYPE: "authorization_code",
|
|
380
|
-
RT_GRANT_TYPE: "refresh_token",
|
|
381
|
-
S256_CODE_CHALLENGE_METHOD: "S256",
|
|
382
|
-
URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
|
|
383
|
-
AUTHORIZATION_PENDING: "authorization_pending",
|
|
384
|
-
NOT_DEFINED: "not_defined",
|
|
385
|
-
EMPTY_STRING: "",
|
|
386
|
-
NOT_APPLICABLE: "N/A",
|
|
387
|
-
NOT_AVAILABLE: "Not Available",
|
|
388
|
-
FORWARD_SLASH: "/",
|
|
389
|
-
IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location",
|
|
390
|
-
IMDS_VERSION: "2020-06-01",
|
|
391
|
-
IMDS_TIMEOUT: 2000,
|
|
392
|
-
AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect",
|
|
393
|
-
REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com",
|
|
394
|
-
KNOWN_PUBLIC_CLOUDS: [
|
|
395
|
-
"login.microsoftonline.com",
|
|
396
|
-
"login.windows.net",
|
|
397
|
-
"login.microsoft.com",
|
|
398
|
-
"sts.windows.net",
|
|
399
|
-
],
|
|
400
|
-
SHR_NONCE_VALIDITY: 240,
|
|
401
|
-
INVALID_INSTANCE: "invalid_instance",
|
|
402
|
-
};
|
|
346
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
403
347
|
/**
|
|
404
348
|
* we considered making this "enum" in the request instead of string, however it looks like the allowed list of
|
|
405
349
|
* prompt values kept changing over past couple of years. There are some undocumented prompt values for some
|
|
@@ -408,35 +352,27 @@ const Constants = {
|
|
|
408
352
|
const PromptValue = {
|
|
409
353
|
LOGIN: "login",
|
|
410
354
|
SELECT_ACCOUNT: "select_account",
|
|
411
|
-
CONSENT: "consent",
|
|
412
355
|
NONE: "none",
|
|
413
|
-
CREATE: "create"
|
|
414
|
-
NO_SESSION: "no_session",
|
|
415
|
-
};
|
|
356
|
+
CREATE: "create"};
|
|
416
357
|
/**
|
|
417
358
|
* Separators used in cache
|
|
418
359
|
*/
|
|
419
|
-
const
|
|
420
|
-
|
|
421
|
-
const
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
OVERFLOW_FALSE: "0",
|
|
430
|
-
UNKNOWN_ERROR: "unknown_error",
|
|
431
|
-
};
|
|
360
|
+
const CACHE_KEY_SEPARATOR = "-";
|
|
361
|
+
const SERVER_TELEM_SCHEMA_VERSION = 5;
|
|
362
|
+
const SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,
|
|
363
|
+
const SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains
|
|
364
|
+
const SERVER_TELEM_CACHE_KEY = "server-telemetry";
|
|
365
|
+
const SERVER_TELEM_CATEGORY_SEPARATOR = "|";
|
|
366
|
+
const SERVER_TELEM_VALUE_SEPARATOR = ",";
|
|
367
|
+
const SERVER_TELEM_OVERFLOW_TRUE = "1";
|
|
368
|
+
const SERVER_TELEM_OVERFLOW_FALSE = "0";
|
|
369
|
+
const SERVER_TELEM_UNKNOWN_ERROR = "unknown_error";
|
|
432
370
|
/**
|
|
433
371
|
* Type of the authentication request
|
|
434
372
|
*/
|
|
435
373
|
const AuthenticationScheme = {
|
|
436
374
|
BEARER: "Bearer",
|
|
437
|
-
POP: "pop"
|
|
438
|
-
SSH: "ssh-cert",
|
|
439
|
-
};
|
|
375
|
+
POP: "pop"};
|
|
440
376
|
/**
|
|
441
377
|
* Specifies the reason for fetching the access token from the identity provider
|
|
442
378
|
*/
|
|
@@ -444,20 +380,30 @@ const CacheOutcome = {
|
|
|
444
380
|
// When a token is found in the cache or the cache is not supposed to be hit when making the request
|
|
445
381
|
NOT_APPLICABLE: "0"};
|
|
446
382
|
|
|
447
|
-
/*! @azure/msal-common
|
|
383
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
384
|
+
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
385
|
+
|
|
386
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
387
|
+
/*
|
|
388
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
389
|
+
* Licensed under the MIT License.
|
|
390
|
+
*/
|
|
391
|
+
function getDefaultErrorMessage(code) {
|
|
392
|
+
return `See https://aka.ms/msal.js.errors#${code} for details`;
|
|
393
|
+
}
|
|
448
394
|
/**
|
|
449
395
|
* General error class thrown by the MSAL.js library.
|
|
450
396
|
*/
|
|
451
397
|
class AuthError extends Error {
|
|
452
398
|
constructor(errorCode, errorMessage, suberror) {
|
|
453
|
-
const
|
|
454
|
-
?
|
|
455
|
-
|
|
399
|
+
const message = errorMessage ||
|
|
400
|
+
(errorCode ? getDefaultErrorMessage(errorCode) : "");
|
|
401
|
+
const errorString = message ? `${errorCode}: ${message}` : errorCode;
|
|
456
402
|
super(errorString);
|
|
457
403
|
Object.setPrototypeOf(this, AuthError.prototype);
|
|
458
|
-
this.errorCode = errorCode ||
|
|
459
|
-
this.errorMessage =
|
|
460
|
-
this.subError = suberror ||
|
|
404
|
+
this.errorCode = errorCode || "";
|
|
405
|
+
this.errorMessage = message || "";
|
|
406
|
+
this.subError = suberror || "";
|
|
461
407
|
this.name = "AuthError";
|
|
462
408
|
}
|
|
463
409
|
setCorrelationId(correlationId) {
|
|
@@ -465,58 +411,27 @@ class AuthError extends Error {
|
|
|
465
411
|
}
|
|
466
412
|
}
|
|
467
413
|
|
|
468
|
-
/*! @azure/msal-common
|
|
414
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
415
|
+
|
|
469
416
|
/*
|
|
470
417
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
471
418
|
* Licensed under the MIT License.
|
|
472
419
|
*/
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
const maxAgeTranspired = "max_age_transpired";
|
|
487
|
-
const multipleMatchingTokens = "multiple_matching_tokens";
|
|
488
|
-
const multipleMatchingAccounts = "multiple_matching_accounts";
|
|
489
|
-
const multipleMatchingAppMetadata = "multiple_matching_appMetadata";
|
|
490
|
-
const requestCannotBeMade = "request_cannot_be_made";
|
|
491
|
-
const cannotRemoveEmptyScope = "cannot_remove_empty_scope";
|
|
492
|
-
const cannotAppendScopeSet = "cannot_append_scopeset";
|
|
493
|
-
const emptyInputScopeSet = "empty_input_scopeset";
|
|
494
|
-
const deviceCodePollingCancelled = "device_code_polling_cancelled";
|
|
495
|
-
const deviceCodeExpired = "device_code_expired";
|
|
496
|
-
const deviceCodeUnknownError = "device_code_unknown_error";
|
|
497
|
-
const noAccountInSilentRequest = "no_account_in_silent_request";
|
|
498
|
-
const invalidCacheRecord = "invalid_cache_record";
|
|
499
|
-
const invalidCacheEnvironment = "invalid_cache_environment";
|
|
500
|
-
const noAccountFound = "no_account_found";
|
|
501
|
-
const noCryptoObject = "no_crypto_object";
|
|
502
|
-
const unexpectedCredentialType = "unexpected_credential_type";
|
|
503
|
-
const invalidAssertion = "invalid_assertion";
|
|
504
|
-
const invalidClientCredential = "invalid_client_credential";
|
|
505
|
-
const tokenRefreshRequired = "token_refresh_required";
|
|
506
|
-
const userTimeoutReached = "user_timeout_reached";
|
|
507
|
-
const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt";
|
|
508
|
-
const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response";
|
|
509
|
-
const bindingKeyNotRemoved = "binding_key_not_removed";
|
|
510
|
-
const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
|
|
511
|
-
const keyIdMissing = "key_id_missing";
|
|
512
|
-
const noNetworkConnectivity = "no_network_connectivity";
|
|
513
|
-
const userCanceled = "user_canceled";
|
|
514
|
-
const missingTenantIdError = "missing_tenant_id_error";
|
|
515
|
-
const methodNotImplemented = "method_not_implemented";
|
|
516
|
-
const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
|
|
517
|
-
const platformBrokerError = "platform_broker_error";
|
|
420
|
+
/**
|
|
421
|
+
* Error thrown when there is an error in configuration of the MSAL.js library.
|
|
422
|
+
*/
|
|
423
|
+
class ClientConfigurationError extends AuthError {
|
|
424
|
+
constructor(errorCode) {
|
|
425
|
+
super(errorCode);
|
|
426
|
+
this.name = "ClientConfigurationError";
|
|
427
|
+
Object.setPrototypeOf(this, ClientConfigurationError.prototype);
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
function createClientConfigurationError(errorCode) {
|
|
431
|
+
return new ClientConfigurationError(errorCode);
|
|
432
|
+
}
|
|
518
433
|
|
|
519
|
-
/*! @azure/msal-common
|
|
434
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
520
435
|
|
|
521
436
|
/*
|
|
522
437
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -525,64 +440,12 @@ const platformBrokerError = "platform_broker_error";
|
|
|
525
440
|
/**
|
|
526
441
|
* ClientAuthErrorMessage class containing string constants used by error codes and messages.
|
|
527
442
|
*/
|
|
528
|
-
const ClientAuthErrorMessages = {
|
|
529
|
-
[clientInfoDecodingError]: "The client info could not be parsed/decoded correctly",
|
|
530
|
-
[clientInfoEmptyError]: "The client info was empty",
|
|
531
|
-
[tokenParsingError]: "Token cannot be parsed",
|
|
532
|
-
[nullOrEmptyToken]: "The token is null or empty",
|
|
533
|
-
[endpointResolutionError]: "Endpoints cannot be resolved",
|
|
534
|
-
[networkError]: "Network request failed",
|
|
535
|
-
[openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",
|
|
536
|
-
[hashNotDeserialized]: "The hash parameters could not be deserialized",
|
|
537
|
-
[invalidState]: "State was not the expected format",
|
|
538
|
-
[stateMismatch]: "State mismatch error",
|
|
539
|
-
[stateNotFound]: "State not found",
|
|
540
|
-
[nonceMismatch]: "Nonce mismatch error",
|
|
541
|
-
[authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." +
|
|
542
|
-
" auth_time is an optional claim and is not enabled by default - it must be enabled." +
|
|
543
|
-
" See https://aka.ms/msaljs/optional-claims for more information.",
|
|
544
|
-
[maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",
|
|
545
|
-
[multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " +
|
|
546
|
-
"Call AcquireToken again providing more requirements such as authority or account.",
|
|
547
|
-
[multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",
|
|
548
|
-
[multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",
|
|
549
|
-
[requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.",
|
|
550
|
-
[cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet",
|
|
551
|
-
[cannotAppendScopeSet]: "Cannot append ScopeSet",
|
|
552
|
-
[emptyInputScopeSet]: "Empty input ScopeSet cannot be processed",
|
|
553
|
-
[deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",
|
|
554
|
-
[deviceCodeExpired]: "Device code is expired.",
|
|
555
|
-
[deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.",
|
|
556
|
-
[noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information",
|
|
557
|
-
[invalidCacheRecord]: "Cache record object was null or undefined.",
|
|
558
|
-
[invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry",
|
|
559
|
-
[noAccountFound]: "No account found in cache for given key.",
|
|
560
|
-
[noCryptoObject]: "No crypto object detected.",
|
|
561
|
-
[unexpectedCredentialType]: "Unexpected credential type.",
|
|
562
|
-
[invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",
|
|
563
|
-
[invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",
|
|
564
|
-
[tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",
|
|
565
|
-
[userTimeoutReached]: "User defined timeout for device code polling reached",
|
|
566
|
-
[tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated",
|
|
567
|
-
[authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed",
|
|
568
|
-
[bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.",
|
|
569
|
-
[endSessionEndpointNotSupported]: "The provided authority does not support logout",
|
|
570
|
-
[keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",
|
|
571
|
-
[noNetworkConnectivity]: "No network connectivity. Check your internet connection.",
|
|
572
|
-
[userCanceled]: "User cancelled the flow.",
|
|
573
|
-
[missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
|
|
574
|
-
[methodNotImplemented]: "This method has not been implemented",
|
|
575
|
-
[nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled",
|
|
576
|
-
[platformBrokerError]: "An error occurred in the native broker. See the platformBrokerError property for details.",
|
|
577
|
-
};
|
|
578
443
|
/**
|
|
579
444
|
* Error thrown when there is an error in the client code running on the browser.
|
|
580
445
|
*/
|
|
581
446
|
class ClientAuthError extends AuthError {
|
|
582
447
|
constructor(errorCode, additionalMessage) {
|
|
583
|
-
super(errorCode, additionalMessage
|
|
584
|
-
? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`
|
|
585
|
-
: ClientAuthErrorMessages[errorCode]);
|
|
448
|
+
super(errorCode, additionalMessage);
|
|
586
449
|
this.name = "ClientAuthError";
|
|
587
450
|
Object.setPrototypeOf(this, ClientAuthError.prototype);
|
|
588
451
|
}
|
|
@@ -591,8 +454,16 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
591
454
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
592
455
|
}
|
|
593
456
|
|
|
594
|
-
/*! @azure/msal-common
|
|
457
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
458
|
+
const untrustedAuthority = "untrusted_authority";
|
|
459
|
+
|
|
460
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
461
|
+
const noAccountFound = "no_account_found";
|
|
462
|
+
const noNetworkConnectivity = "no_network_connectivity";
|
|
463
|
+
const userCanceled = "user_canceled";
|
|
464
|
+
const platformBrokerError = "platform_broker_error";
|
|
595
465
|
|
|
466
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
596
467
|
/*
|
|
597
468
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
598
469
|
* Licensed under the MIT License.
|
|
@@ -608,6 +479,70 @@ var LogLevel;
|
|
|
608
479
|
LogLevel[LogLevel["Verbose"] = 3] = "Verbose";
|
|
609
480
|
LogLevel[LogLevel["Trace"] = 4] = "Trace";
|
|
610
481
|
})(LogLevel || (LogLevel = {}));
|
|
482
|
+
// Shared cache state for better minification - using Map's insertion order for LRU
|
|
483
|
+
const CACHE_CAPACITY = 50;
|
|
484
|
+
const MAX_LOGS_PER_CORRELATION = 500;
|
|
485
|
+
const correlationCache = new Map();
|
|
486
|
+
/**
|
|
487
|
+
* Mark correlation ID as recently used by moving it to end of Map
|
|
488
|
+
* @param correlationId
|
|
489
|
+
* @param {CorrelationLogData} data
|
|
490
|
+
*/
|
|
491
|
+
function markAsRecentlyUsed(correlationId, data) {
|
|
492
|
+
correlationCache.delete(correlationId);
|
|
493
|
+
correlationCache.set(correlationId, data);
|
|
494
|
+
}
|
|
495
|
+
/**
|
|
496
|
+
* Add log message to cache for specific correlation ID
|
|
497
|
+
* @param correlationId
|
|
498
|
+
* @param {LoggedMessage} loggedMessage
|
|
499
|
+
*/
|
|
500
|
+
function addLogToCache(correlationId, loggedMessage) {
|
|
501
|
+
const currentTime = Date.now();
|
|
502
|
+
let data = correlationCache.get(correlationId);
|
|
503
|
+
if (data) {
|
|
504
|
+
// Mark as recently used
|
|
505
|
+
markAsRecentlyUsed(correlationId, data);
|
|
506
|
+
}
|
|
507
|
+
else {
|
|
508
|
+
// Create new entry
|
|
509
|
+
data = { logs: [], firstEventTime: currentTime };
|
|
510
|
+
correlationCache.set(correlationId, data);
|
|
511
|
+
// Remove LRU (first entry) if capacity exceeded
|
|
512
|
+
if (correlationCache.size > CACHE_CAPACITY) {
|
|
513
|
+
const firstKey = correlationCache.keys().next().value;
|
|
514
|
+
if (firstKey) {
|
|
515
|
+
correlationCache.delete(firstKey);
|
|
516
|
+
}
|
|
517
|
+
}
|
|
518
|
+
}
|
|
519
|
+
// Add log to the data, maintaining max logs per correlation
|
|
520
|
+
data.logs.push({
|
|
521
|
+
...loggedMessage,
|
|
522
|
+
milliseconds: currentTime - data.firstEventTime,
|
|
523
|
+
});
|
|
524
|
+
if (data.logs.length > MAX_LOGS_PER_CORRELATION) {
|
|
525
|
+
data.logs.shift(); // Remove oldest log
|
|
526
|
+
}
|
|
527
|
+
}
|
|
528
|
+
/**
|
|
529
|
+
* Checks if a string is already a hashed logging string (6 alphanumeric characters)
|
|
530
|
+
*/
|
|
531
|
+
function isHashedString(str) {
|
|
532
|
+
if (str.length !== 6) {
|
|
533
|
+
return false;
|
|
534
|
+
}
|
|
535
|
+
for (let i = 0; i < str.length; i++) {
|
|
536
|
+
const char = str[i];
|
|
537
|
+
const isAlphaNumeric = (char >= "a" && char <= "z") ||
|
|
538
|
+
(char >= "A" && char <= "Z") ||
|
|
539
|
+
(char >= "0" && char <= "9");
|
|
540
|
+
if (!isAlphaNumeric) {
|
|
541
|
+
return false;
|
|
542
|
+
}
|
|
543
|
+
}
|
|
544
|
+
return true;
|
|
545
|
+
}
|
|
611
546
|
/**
|
|
612
547
|
* Class which facilitates logging of messages to a specific place.
|
|
613
548
|
*/
|
|
@@ -626,10 +561,8 @@ class Logger {
|
|
|
626
561
|
typeof setLoggerOptions.logLevel === "number"
|
|
627
562
|
? setLoggerOptions.logLevel
|
|
628
563
|
: LogLevel.Info;
|
|
629
|
-
this.
|
|
630
|
-
|
|
631
|
-
this.packageName = packageName || Constants.EMPTY_STRING;
|
|
632
|
-
this.packageVersion = packageVersion || Constants.EMPTY_STRING;
|
|
564
|
+
this.packageName = packageName || "";
|
|
565
|
+
this.packageVersion = packageVersion || "";
|
|
633
566
|
}
|
|
634
567
|
static createDefaultLoggerOptions() {
|
|
635
568
|
return {
|
|
@@ -643,27 +576,36 @@ class Logger {
|
|
|
643
576
|
/**
|
|
644
577
|
* Create new Logger with existing configurations.
|
|
645
578
|
*/
|
|
646
|
-
clone(packageName, packageVersion
|
|
579
|
+
clone(packageName, packageVersion) {
|
|
647
580
|
return new Logger({
|
|
648
581
|
loggerCallback: this.localCallback,
|
|
649
582
|
piiLoggingEnabled: this.piiLoggingEnabled,
|
|
650
583
|
logLevel: this.level,
|
|
651
|
-
correlationId: correlationId || this.correlationId,
|
|
652
584
|
}, packageName, packageVersion);
|
|
653
585
|
}
|
|
654
586
|
/**
|
|
655
587
|
* Log message with required options.
|
|
656
588
|
*/
|
|
657
589
|
logMessage(logMessage, options) {
|
|
590
|
+
const correlationId = options.correlationId;
|
|
591
|
+
const isHashedInput = isHashedString(logMessage);
|
|
592
|
+
if (isHashedInput) {
|
|
593
|
+
const loggedMessage = {
|
|
594
|
+
hash: logMessage,
|
|
595
|
+
level: options.logLevel,
|
|
596
|
+
containsPii: options.containsPii || false,
|
|
597
|
+
milliseconds: 0, // Will be calculated in addLogToCache
|
|
598
|
+
};
|
|
599
|
+
addLogToCache(correlationId, loggedMessage);
|
|
600
|
+
}
|
|
658
601
|
if (options.logLevel > this.level ||
|
|
659
602
|
(!this.piiLoggingEnabled && options.containsPii)) {
|
|
660
603
|
return;
|
|
661
604
|
}
|
|
662
605
|
const timestamp = new Date().toUTCString();
|
|
663
606
|
// Add correlationId to logs if set, correlationId provided on log messages take precedence
|
|
664
|
-
const logHeader = `[${timestamp}] : [${
|
|
607
|
+
const logHeader = `[${timestamp}] : [${correlationId}]`;
|
|
665
608
|
const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`;
|
|
666
|
-
// debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage);
|
|
667
609
|
this.executeCallback(options.logLevel, log, options.containsPii || false);
|
|
668
610
|
}
|
|
669
611
|
/**
|
|
@@ -681,7 +623,7 @@ class Logger {
|
|
|
681
623
|
this.logMessage(message, {
|
|
682
624
|
logLevel: LogLevel.Error,
|
|
683
625
|
containsPii: false,
|
|
684
|
-
correlationId: correlationId
|
|
626
|
+
correlationId: correlationId,
|
|
685
627
|
});
|
|
686
628
|
}
|
|
687
629
|
/**
|
|
@@ -691,7 +633,7 @@ class Logger {
|
|
|
691
633
|
this.logMessage(message, {
|
|
692
634
|
logLevel: LogLevel.Error,
|
|
693
635
|
containsPii: true,
|
|
694
|
-
correlationId: correlationId
|
|
636
|
+
correlationId: correlationId,
|
|
695
637
|
});
|
|
696
638
|
}
|
|
697
639
|
/**
|
|
@@ -701,7 +643,7 @@ class Logger {
|
|
|
701
643
|
this.logMessage(message, {
|
|
702
644
|
logLevel: LogLevel.Warning,
|
|
703
645
|
containsPii: false,
|
|
704
|
-
correlationId: correlationId
|
|
646
|
+
correlationId: correlationId,
|
|
705
647
|
});
|
|
706
648
|
}
|
|
707
649
|
/**
|
|
@@ -711,7 +653,7 @@ class Logger {
|
|
|
711
653
|
this.logMessage(message, {
|
|
712
654
|
logLevel: LogLevel.Warning,
|
|
713
655
|
containsPii: true,
|
|
714
|
-
correlationId: correlationId
|
|
656
|
+
correlationId: correlationId,
|
|
715
657
|
});
|
|
716
658
|
}
|
|
717
659
|
/**
|
|
@@ -721,7 +663,7 @@ class Logger {
|
|
|
721
663
|
this.logMessage(message, {
|
|
722
664
|
logLevel: LogLevel.Info,
|
|
723
665
|
containsPii: false,
|
|
724
|
-
correlationId: correlationId
|
|
666
|
+
correlationId: correlationId,
|
|
725
667
|
});
|
|
726
668
|
}
|
|
727
669
|
/**
|
|
@@ -731,7 +673,7 @@ class Logger {
|
|
|
731
673
|
this.logMessage(message, {
|
|
732
674
|
logLevel: LogLevel.Info,
|
|
733
675
|
containsPii: true,
|
|
734
|
-
correlationId: correlationId
|
|
676
|
+
correlationId: correlationId,
|
|
735
677
|
});
|
|
736
678
|
}
|
|
737
679
|
/**
|
|
@@ -741,7 +683,7 @@ class Logger {
|
|
|
741
683
|
this.logMessage(message, {
|
|
742
684
|
logLevel: LogLevel.Verbose,
|
|
743
685
|
containsPii: false,
|
|
744
|
-
correlationId: correlationId
|
|
686
|
+
correlationId: correlationId,
|
|
745
687
|
});
|
|
746
688
|
}
|
|
747
689
|
/**
|
|
@@ -751,7 +693,7 @@ class Logger {
|
|
|
751
693
|
this.logMessage(message, {
|
|
752
694
|
logLevel: LogLevel.Verbose,
|
|
753
695
|
containsPii: true,
|
|
754
|
-
correlationId: correlationId
|
|
696
|
+
correlationId: correlationId,
|
|
755
697
|
});
|
|
756
698
|
}
|
|
757
699
|
/**
|
|
@@ -761,7 +703,7 @@ class Logger {
|
|
|
761
703
|
this.logMessage(message, {
|
|
762
704
|
logLevel: LogLevel.Trace,
|
|
763
705
|
containsPii: false,
|
|
764
|
-
correlationId: correlationId
|
|
706
|
+
correlationId: correlationId,
|
|
765
707
|
});
|
|
766
708
|
}
|
|
767
709
|
/**
|
|
@@ -771,7 +713,7 @@ class Logger {
|
|
|
771
713
|
this.logMessage(message, {
|
|
772
714
|
logLevel: LogLevel.Trace,
|
|
773
715
|
containsPii: true,
|
|
774
|
-
correlationId: correlationId
|
|
716
|
+
correlationId: correlationId,
|
|
775
717
|
});
|
|
776
718
|
}
|
|
777
719
|
/**
|
|
@@ -782,98 +724,7 @@ class Logger {
|
|
|
782
724
|
}
|
|
783
725
|
}
|
|
784
726
|
|
|
785
|
-
/*! @azure/msal-common
|
|
786
|
-
/*
|
|
787
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
788
|
-
* Licensed under the MIT License.
|
|
789
|
-
*/
|
|
790
|
-
const redirectUriEmpty = "redirect_uri_empty";
|
|
791
|
-
const claimsRequestParsingError = "claims_request_parsing_error";
|
|
792
|
-
const authorityUriInsecure = "authority_uri_insecure";
|
|
793
|
-
const urlParseError = "url_parse_error";
|
|
794
|
-
const urlEmptyError = "empty_url_error";
|
|
795
|
-
const emptyInputScopesError = "empty_input_scopes_error";
|
|
796
|
-
const invalidClaims = "invalid_claims";
|
|
797
|
-
const tokenRequestEmpty = "token_request_empty";
|
|
798
|
-
const logoutRequestEmpty = "logout_request_empty";
|
|
799
|
-
const invalidCodeChallengeMethod = "invalid_code_challenge_method";
|
|
800
|
-
const pkceParamsMissing = "pkce_params_missing";
|
|
801
|
-
const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata";
|
|
802
|
-
const invalidAuthorityMetadata = "invalid_authority_metadata";
|
|
803
|
-
const untrustedAuthority = "untrusted_authority";
|
|
804
|
-
const missingSshJwk = "missing_ssh_jwk";
|
|
805
|
-
const missingSshKid = "missing_ssh_kid";
|
|
806
|
-
const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
|
|
807
|
-
const invalidAuthenticationHeader = "invalid_authentication_header";
|
|
808
|
-
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
809
|
-
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
810
|
-
const authorityMismatch = "authority_mismatch";
|
|
811
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
812
|
-
const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
|
|
813
|
-
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
814
|
-
|
|
815
|
-
/*! @azure/msal-common v15.13.3 2025-12-04 */
|
|
816
|
-
|
|
817
|
-
/*
|
|
818
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
819
|
-
* Licensed under the MIT License.
|
|
820
|
-
*/
|
|
821
|
-
const ClientConfigurationErrorMessages = {
|
|
822
|
-
[redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.",
|
|
823
|
-
[claimsRequestParsingError]: "Could not parse the given claims request object.",
|
|
824
|
-
[authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",
|
|
825
|
-
[urlParseError]: "URL could not be parsed into appropriate segments.",
|
|
826
|
-
[urlEmptyError]: "URL was empty or null.",
|
|
827
|
-
[emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
|
|
828
|
-
[invalidClaims]: "Given claims parameter must be a stringified JSON object.",
|
|
829
|
-
[tokenRequestEmpty]: "Token request was empty and not found in cache.",
|
|
830
|
-
[logoutRequestEmpty]: "The logout request was null or undefined.",
|
|
831
|
-
[invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',
|
|
832
|
-
[pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",
|
|
833
|
-
[invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",
|
|
834
|
-
[invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",
|
|
835
|
-
[untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",
|
|
836
|
-
[missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",
|
|
837
|
-
[missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",
|
|
838
|
-
[missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",
|
|
839
|
-
[invalidAuthenticationHeader]: "Invalid authentication header provided",
|
|
840
|
-
[cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
|
|
841
|
-
[cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
|
|
842
|
-
[authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
|
|
843
|
-
[invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
|
|
844
|
-
[invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
|
|
845
|
-
[invalidPlatformBrokerConfiguration]: "Invalid platform broker configuration. `allowPlatformBrokerWithDOM` can only be enabled when `allowPlatformBroker` is enabled.",
|
|
846
|
-
};
|
|
847
|
-
/**
|
|
848
|
-
* Error thrown when there is an error in configuration of the MSAL.js library.
|
|
849
|
-
*/
|
|
850
|
-
class ClientConfigurationError extends AuthError {
|
|
851
|
-
constructor(errorCode) {
|
|
852
|
-
super(errorCode, ClientConfigurationErrorMessages[errorCode]);
|
|
853
|
-
this.name = "ClientConfigurationError";
|
|
854
|
-
Object.setPrototypeOf(this, ClientConfigurationError.prototype);
|
|
855
|
-
}
|
|
856
|
-
}
|
|
857
|
-
function createClientConfigurationError(errorCode) {
|
|
858
|
-
return new ClientConfigurationError(errorCode);
|
|
859
|
-
}
|
|
860
|
-
|
|
861
|
-
/*! @azure/msal-common v15.13.3 2025-12-04 */
|
|
862
|
-
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
863
|
-
|
|
864
|
-
/*! @azure/msal-common v15.13.3 2025-12-04 */
|
|
865
|
-
/**
|
|
866
|
-
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
867
|
-
* @param seconds
|
|
868
|
-
*/
|
|
869
|
-
function toDateFromSeconds(seconds) {
|
|
870
|
-
if (seconds) {
|
|
871
|
-
return new Date(Number(seconds) * 1000);
|
|
872
|
-
}
|
|
873
|
-
return new Date();
|
|
874
|
-
}
|
|
875
|
-
|
|
876
|
-
/*! @azure/msal-common v15.13.3 2025-12-04 */
|
|
727
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
877
728
|
|
|
878
729
|
/*
|
|
879
730
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -892,7 +743,7 @@ class ServerError extends AuthError {
|
|
|
892
743
|
}
|
|
893
744
|
}
|
|
894
745
|
|
|
895
|
-
/*! @azure/msal-common
|
|
746
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
896
747
|
/**
|
|
897
748
|
* Error thrown when user interaction is required.
|
|
898
749
|
*/
|
|
@@ -900,23 +751,36 @@ class InteractionRequiredAuthError extends AuthError {
|
|
|
900
751
|
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
901
752
|
super(errorCode, errorMessage, subError);
|
|
902
753
|
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
903
|
-
this.timestamp = timestamp ||
|
|
904
|
-
this.traceId = traceId ||
|
|
905
|
-
this.correlationId = correlationId ||
|
|
906
|
-
this.claims = claims ||
|
|
754
|
+
this.timestamp = timestamp || "";
|
|
755
|
+
this.traceId = traceId || "";
|
|
756
|
+
this.correlationId = correlationId || "";
|
|
757
|
+
this.claims = claims || "";
|
|
907
758
|
this.name = "InteractionRequiredAuthError";
|
|
908
759
|
this.errorNo = errorNo;
|
|
909
760
|
}
|
|
910
761
|
}
|
|
911
762
|
|
|
912
|
-
/*! @azure/msal-common
|
|
763
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
764
|
+
/**
|
|
765
|
+
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
766
|
+
* @param seconds
|
|
767
|
+
*/
|
|
768
|
+
function toDateFromSeconds(seconds) {
|
|
769
|
+
if (seconds) {
|
|
770
|
+
return new Date(Number(seconds) * 1000);
|
|
771
|
+
}
|
|
772
|
+
return new Date();
|
|
773
|
+
}
|
|
774
|
+
|
|
775
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
913
776
|
|
|
914
777
|
/*
|
|
915
778
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
916
779
|
* Licensed under the MIT License.
|
|
917
780
|
*/
|
|
918
781
|
/**
|
|
919
|
-
* Converts a numeric tag to a string representation
|
|
782
|
+
* Converts a numeric tag from MSAL Runtime to a 5-character string representation.
|
|
783
|
+
* Tags are encoded as 30-bit values (6 bits per character) using a custom symbol space.
|
|
920
784
|
* @param tag - The numeric tag to convert
|
|
921
785
|
* @returns The string representation of the tag
|
|
922
786
|
*/
|
|
@@ -953,7 +817,7 @@ class PlatformBrokerError extends AuthError {
|
|
|
953
817
|
}
|
|
954
818
|
}
|
|
955
819
|
|
|
956
|
-
/*! @azure/msal-common
|
|
820
|
+
/*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
|
|
957
821
|
|
|
958
822
|
/*
|
|
959
823
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1004,34 +868,34 @@ class ServerTelemetryManager {
|
|
|
1004
868
|
this.cacheManager = cacheManager;
|
|
1005
869
|
this.apiId = telemetryRequest.apiId;
|
|
1006
870
|
this.correlationId = telemetryRequest.correlationId;
|
|
1007
|
-
this.wrapperSKU = telemetryRequest.wrapperSKU ||
|
|
1008
|
-
this.wrapperVer = telemetryRequest.wrapperVer ||
|
|
871
|
+
this.wrapperSKU = telemetryRequest.wrapperSKU || "";
|
|
872
|
+
this.wrapperVer = telemetryRequest.wrapperVer || "";
|
|
1009
873
|
this.telemetryCacheKey =
|
|
1010
|
-
|
|
1011
|
-
|
|
874
|
+
SERVER_TELEM_CACHE_KEY +
|
|
875
|
+
CACHE_KEY_SEPARATOR +
|
|
1012
876
|
telemetryRequest.clientId;
|
|
1013
877
|
}
|
|
1014
878
|
/**
|
|
1015
879
|
* API to add MSER Telemetry to request
|
|
1016
880
|
*/
|
|
1017
881
|
generateCurrentRequestHeaderValue() {
|
|
1018
|
-
const request = `${this.apiId}${
|
|
882
|
+
const request = `${this.apiId}${SERVER_TELEM_VALUE_SEPARATOR}${this.cacheOutcome}`;
|
|
1019
883
|
const platformFieldsArr = [this.wrapperSKU, this.wrapperVer];
|
|
1020
884
|
const nativeBrokerErrorCode = this.getNativeBrokerErrorCode();
|
|
1021
885
|
if (nativeBrokerErrorCode?.length) {
|
|
1022
886
|
platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`);
|
|
1023
887
|
}
|
|
1024
|
-
const platformFields = platformFieldsArr.join(
|
|
888
|
+
const platformFields = platformFieldsArr.join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1025
889
|
const regionDiscoveryFields = this.getRegionDiscoveryFields();
|
|
1026
890
|
const requestWithRegionDiscoveryFields = [
|
|
1027
891
|
request,
|
|
1028
892
|
regionDiscoveryFields,
|
|
1029
|
-
].join(
|
|
893
|
+
].join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1030
894
|
return [
|
|
1031
|
-
|
|
895
|
+
SERVER_TELEM_SCHEMA_VERSION,
|
|
1032
896
|
requestWithRegionDiscoveryFields,
|
|
1033
897
|
platformFields,
|
|
1034
|
-
].join(
|
|
898
|
+
].join(SERVER_TELEM_CATEGORY_SEPARATOR);
|
|
1035
899
|
}
|
|
1036
900
|
/**
|
|
1037
901
|
* API to add MSER Telemetry for the last failed request
|
|
@@ -1041,23 +905,23 @@ class ServerTelemetryManager {
|
|
|
1041
905
|
const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests);
|
|
1042
906
|
const failedRequests = lastRequests.failedRequests
|
|
1043
907
|
.slice(0, 2 * maxErrors)
|
|
1044
|
-
.join(
|
|
908
|
+
.join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1045
909
|
const errors = lastRequests.errors
|
|
1046
910
|
.slice(0, maxErrors)
|
|
1047
|
-
.join(
|
|
911
|
+
.join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1048
912
|
const errorCount = lastRequests.errors.length;
|
|
1049
913
|
// Indicate whether this header contains all data or partial data
|
|
1050
914
|
const overflow = maxErrors < errorCount
|
|
1051
|
-
?
|
|
1052
|
-
:
|
|
1053
|
-
const platformFields = [errorCount, overflow].join(
|
|
915
|
+
? SERVER_TELEM_OVERFLOW_TRUE
|
|
916
|
+
: SERVER_TELEM_OVERFLOW_FALSE;
|
|
917
|
+
const platformFields = [errorCount, overflow].join(SERVER_TELEM_VALUE_SEPARATOR);
|
|
1054
918
|
return [
|
|
1055
|
-
|
|
919
|
+
SERVER_TELEM_SCHEMA_VERSION,
|
|
1056
920
|
lastRequests.cacheHits,
|
|
1057
921
|
failedRequests,
|
|
1058
922
|
errors,
|
|
1059
923
|
platformFields,
|
|
1060
|
-
].join(
|
|
924
|
+
].join(SERVER_TELEM_CATEGORY_SEPARATOR);
|
|
1061
925
|
}
|
|
1062
926
|
/**
|
|
1063
927
|
* API to cache token failures for MSER data capture
|
|
@@ -1066,7 +930,7 @@ class ServerTelemetryManager {
|
|
|
1066
930
|
cacheFailedRequest(error) {
|
|
1067
931
|
const lastRequests = this.getLastRequests();
|
|
1068
932
|
if (lastRequests.errors.length >=
|
|
1069
|
-
|
|
933
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
1070
934
|
// Remove a cached error to make room, first in first out
|
|
1071
935
|
lastRequests.failedRequests.shift(); // apiId
|
|
1072
936
|
lastRequests.failedRequests.shift(); // correlationId
|
|
@@ -1090,7 +954,7 @@ class ServerTelemetryManager {
|
|
|
1090
954
|
}
|
|
1091
955
|
}
|
|
1092
956
|
else {
|
|
1093
|
-
lastRequests.errors.push(
|
|
957
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
1094
958
|
}
|
|
1095
959
|
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
1096
960
|
return;
|
|
@@ -1113,7 +977,7 @@ class ServerTelemetryManager {
|
|
|
1113
977
|
errors: [],
|
|
1114
978
|
cacheHits: 0,
|
|
1115
979
|
};
|
|
1116
|
-
const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey);
|
|
980
|
+
const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey, this.correlationId);
|
|
1117
981
|
return lastRequests || initialValue;
|
|
1118
982
|
}
|
|
1119
983
|
/**
|
|
@@ -1148,18 +1012,16 @@ class ServerTelemetryManager {
|
|
|
1148
1012
|
const errorCount = serverTelemetryEntity.errors.length;
|
|
1149
1013
|
for (i = 0; i < errorCount; i++) {
|
|
1150
1014
|
// failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs
|
|
1151
|
-
const apiId = serverTelemetryEntity.failedRequests[2 * i] ||
|
|
1152
|
-
|
|
1153
|
-
const
|
|
1154
|
-
Constants.EMPTY_STRING;
|
|
1155
|
-
const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING;
|
|
1015
|
+
const apiId = serverTelemetryEntity.failedRequests[2 * i] || "";
|
|
1016
|
+
const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || "";
|
|
1017
|
+
const errorCode = serverTelemetryEntity.errors[i] || "";
|
|
1156
1018
|
// Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators
|
|
1157
1019
|
dataSize +=
|
|
1158
1020
|
apiId.toString().length +
|
|
1159
1021
|
correlationId.toString().length +
|
|
1160
1022
|
errorCode.length +
|
|
1161
1023
|
3;
|
|
1162
|
-
if (dataSize <
|
|
1024
|
+
if (dataSize < SERVER_TELEM_MAX_LAST_HEADER_BYTES) {
|
|
1163
1025
|
// Adding this entry to the header would still keep header size below the limit
|
|
1164
1026
|
maxErrors += 1;
|
|
1165
1027
|
}
|
|
@@ -1176,9 +1038,9 @@ class ServerTelemetryManager {
|
|
|
1176
1038
|
*/
|
|
1177
1039
|
getRegionDiscoveryFields() {
|
|
1178
1040
|
const regionDiscoveryFields = [];
|
|
1179
|
-
regionDiscoveryFields.push(this.regionUsed ||
|
|
1180
|
-
regionDiscoveryFields.push(this.regionSource ||
|
|
1181
|
-
regionDiscoveryFields.push(this.regionOutcome ||
|
|
1041
|
+
regionDiscoveryFields.push(this.regionUsed || "");
|
|
1042
|
+
regionDiscoveryFields.push(this.regionSource || "");
|
|
1043
|
+
regionDiscoveryFields.push(this.regionOutcome || "");
|
|
1182
1044
|
return regionDiscoveryFields.join(",");
|
|
1183
1045
|
}
|
|
1184
1046
|
/**
|
|
@@ -1225,15 +1087,15 @@ class BasePersistence {
|
|
|
1225
1087
|
// We are using a different location for the test to avoid overriding the functional cache
|
|
1226
1088
|
const persistenceValidator = await this.createForPersistenceValidation();
|
|
1227
1089
|
try {
|
|
1228
|
-
await persistenceValidator.save(Constants
|
|
1090
|
+
await persistenceValidator.save(Constants.PERSISTENCE_TEST_DATA);
|
|
1229
1091
|
const retrievedDummyData = await persistenceValidator.load();
|
|
1230
1092
|
if (!retrievedDummyData) {
|
|
1231
1093
|
throw PersistenceError.createCachePersistenceError("Persistence check failed. Data was written but it could not be read. " +
|
|
1232
1094
|
"Possible cause: on Linux, LibSecret is installed but D-Bus isn't running \
|
|
1233
1095
|
because it cannot be started over SSH.");
|
|
1234
1096
|
}
|
|
1235
|
-
if (retrievedDummyData !== Constants
|
|
1236
|
-
throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants
|
|
1097
|
+
if (retrievedDummyData !== Constants.PERSISTENCE_TEST_DATA) {
|
|
1098
|
+
throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants.PERSISTENCE_TEST_DATA} is different \
|
|
1237
1099
|
from data read ${retrievedDummyData}`);
|
|
1238
1100
|
}
|
|
1239
1101
|
await persistenceValidator.delete();
|
|
@@ -1326,9 +1188,9 @@ class FilePersistence extends BasePersistence {
|
|
|
1326
1188
|
}
|
|
1327
1189
|
catch (err) {
|
|
1328
1190
|
if (isNodeError(err)) {
|
|
1329
|
-
if (err.code === Constants
|
|
1191
|
+
if (err.code === Constants.ENOENT_ERROR) {
|
|
1330
1192
|
// file does not exist, so it was not deleted
|
|
1331
|
-
this.logger.warning("Cache file does not exist, so it could not be deleted");
|
|
1193
|
+
this.logger.warning("Cache file does not exist, so it could not be deleted", "");
|
|
1332
1194
|
return false;
|
|
1333
1195
|
}
|
|
1334
1196
|
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
@@ -1367,9 +1229,9 @@ class FilePersistence extends BasePersistence {
|
|
|
1367
1229
|
}
|
|
1368
1230
|
catch (err) {
|
|
1369
1231
|
if (isNodeError(err)) {
|
|
1370
|
-
if (err.code === Constants
|
|
1232
|
+
if (err.code === Constants.ENOENT_ERROR) {
|
|
1371
1233
|
// file does not exist, so it's never been modified
|
|
1372
|
-
this.logger.verbose("Cache file does not exist");
|
|
1234
|
+
this.logger.verbose("Cache file does not exist", "");
|
|
1373
1235
|
return 0;
|
|
1374
1236
|
}
|
|
1375
1237
|
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
@@ -1384,7 +1246,7 @@ class FilePersistence extends BasePersistence {
|
|
|
1384
1246
|
// File is created only if it does not exist
|
|
1385
1247
|
const fileHandle = await fs.promises.open(this.filePath, "a");
|
|
1386
1248
|
await fileHandle.close();
|
|
1387
|
-
this.logger.info(`File created at ${this.filePath}
|
|
1249
|
+
this.logger.info(`File created at ${this.filePath}`, "");
|
|
1388
1250
|
}
|
|
1389
1251
|
async createFileDirectory() {
|
|
1390
1252
|
try {
|
|
@@ -1392,8 +1254,8 @@ class FilePersistence extends BasePersistence {
|
|
|
1392
1254
|
}
|
|
1393
1255
|
catch (err) {
|
|
1394
1256
|
if (isNodeError(err)) {
|
|
1395
|
-
if (err.code === Constants
|
|
1396
|
-
this.logger.info(`Directory ${path.dirname(this.filePath)} already exists
|
|
1257
|
+
if (err.code === Constants.EEXIST_ERROR) {
|
|
1258
|
+
this.logger.info(`Directory ${path.dirname(this.filePath)} already exists`, "");
|
|
1397
1259
|
}
|
|
1398
1260
|
else {
|
|
1399
1261
|
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
|
|
@@ -1504,7 +1366,7 @@ class FilePersistenceWithDataProtection extends BasePersistence {
|
|
|
1504
1366
|
0 === encryptedContents.length) {
|
|
1505
1367
|
this.filePersistence
|
|
1506
1368
|
.getLogger()
|
|
1507
|
-
.info("Encrypted contents loaded from file were null or empty");
|
|
1369
|
+
.info("Encrypted contents loaded from file were null or empty", "");
|
|
1508
1370
|
return null;
|
|
1509
1371
|
}
|
|
1510
1372
|
return Dpapi.unprotectData(encryptedContents, this.optionalEntropy, this.scope.toString()).toString();
|
|
@@ -1701,19 +1563,19 @@ class LibSecretPersistence extends BasePersistence {
|
|
|
1701
1563
|
*/
|
|
1702
1564
|
class Environment {
|
|
1703
1565
|
static get homeEnvVar() {
|
|
1704
|
-
return this.getEnvironmentVariable(Constants
|
|
1566
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.HOME);
|
|
1705
1567
|
}
|
|
1706
1568
|
static get lognameEnvVar() {
|
|
1707
|
-
return this.getEnvironmentVariable(Constants
|
|
1569
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOGNAME);
|
|
1708
1570
|
}
|
|
1709
1571
|
static get userEnvVar() {
|
|
1710
|
-
return this.getEnvironmentVariable(Constants
|
|
1572
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.USER);
|
|
1711
1573
|
}
|
|
1712
1574
|
static get lnameEnvVar() {
|
|
1713
|
-
return this.getEnvironmentVariable(Constants
|
|
1575
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LNAME);
|
|
1714
1576
|
}
|
|
1715
1577
|
static get usernameEnvVar() {
|
|
1716
|
-
return this.getEnvironmentVariable(Constants
|
|
1578
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.USERNAME);
|
|
1717
1579
|
}
|
|
1718
1580
|
static getEnvironmentVariable(name) {
|
|
1719
1581
|
return process.env[name] || "";
|
|
@@ -1734,7 +1596,7 @@ class Environment {
|
|
|
1734
1596
|
if (typeof process.getuid !== "function") {
|
|
1735
1597
|
return false;
|
|
1736
1598
|
}
|
|
1737
|
-
return process.getuid() === Constants
|
|
1599
|
+
return process.getuid() === Constants.LINUX_ROOT_USER_GUID;
|
|
1738
1600
|
}
|
|
1739
1601
|
static getUserRootDirectory() {
|
|
1740
1602
|
return !this.isWindowsPlatform()
|
|
@@ -1742,7 +1604,7 @@ class Environment {
|
|
|
1742
1604
|
: this.getUserHomeDirOnWindows();
|
|
1743
1605
|
}
|
|
1744
1606
|
static getUserHomeDirOnWindows() {
|
|
1745
|
-
return this.getEnvironmentVariable(Constants
|
|
1607
|
+
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOCAL_APPLICATION_DATA);
|
|
1746
1608
|
}
|
|
1747
1609
|
static getUserHomeDirOnUnix() {
|
|
1748
1610
|
if (this.isWindowsPlatform()) {
|
|
@@ -1839,7 +1701,7 @@ class PersistenceCreator {
|
|
|
1839
1701
|
|
|
1840
1702
|
/* eslint-disable header/header */
|
|
1841
1703
|
const name = "@azure/msal-node-extensions";
|
|
1842
|
-
const version = "
|
|
1704
|
+
const version = "5.0.0-beta.0";
|
|
1843
1705
|
|
|
1844
1706
|
/*
|
|
1845
1707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1858,62 +1720,62 @@ class NativeBrokerPlugin {
|
|
|
1858
1720
|
}
|
|
1859
1721
|
setLogger(loggerOptions) {
|
|
1860
1722
|
this.logger = new Logger(loggerOptions, name, version);
|
|
1861
|
-
const logCallback = (message, logLevel, containsPii) => {
|
|
1723
|
+
const logCallback = (message, logLevel, containsPii, correlationId = "") => {
|
|
1862
1724
|
switch (logLevel) {
|
|
1863
1725
|
case msalNodeRuntime.LogLevel.Trace:
|
|
1864
1726
|
if (containsPii) {
|
|
1865
|
-
this.logger.tracePii(message);
|
|
1727
|
+
this.logger.tracePii(message, correlationId);
|
|
1866
1728
|
}
|
|
1867
1729
|
else {
|
|
1868
|
-
this.logger.trace(message);
|
|
1730
|
+
this.logger.trace(message, correlationId);
|
|
1869
1731
|
}
|
|
1870
1732
|
break;
|
|
1871
1733
|
case msalNodeRuntime.LogLevel.Debug:
|
|
1872
1734
|
if (containsPii) {
|
|
1873
|
-
this.logger.tracePii(message);
|
|
1735
|
+
this.logger.tracePii(message, correlationId);
|
|
1874
1736
|
}
|
|
1875
1737
|
else {
|
|
1876
|
-
this.logger.trace(message);
|
|
1738
|
+
this.logger.trace(message, correlationId);
|
|
1877
1739
|
}
|
|
1878
1740
|
break;
|
|
1879
1741
|
case msalNodeRuntime.LogLevel.Info:
|
|
1880
1742
|
if (containsPii) {
|
|
1881
|
-
this.logger.infoPii(message);
|
|
1743
|
+
this.logger.infoPii(message, correlationId);
|
|
1882
1744
|
}
|
|
1883
1745
|
else {
|
|
1884
|
-
this.logger.info(message);
|
|
1746
|
+
this.logger.info(message, correlationId);
|
|
1885
1747
|
}
|
|
1886
1748
|
break;
|
|
1887
1749
|
case msalNodeRuntime.LogLevel.Warning:
|
|
1888
1750
|
if (containsPii) {
|
|
1889
|
-
this.logger.warningPii(message);
|
|
1751
|
+
this.logger.warningPii(message, correlationId);
|
|
1890
1752
|
}
|
|
1891
1753
|
else {
|
|
1892
|
-
this.logger.warning(message);
|
|
1754
|
+
this.logger.warning(message, correlationId);
|
|
1893
1755
|
}
|
|
1894
1756
|
break;
|
|
1895
1757
|
case msalNodeRuntime.LogLevel.Error:
|
|
1896
1758
|
if (containsPii) {
|
|
1897
|
-
this.logger.errorPii(message);
|
|
1759
|
+
this.logger.errorPii(message, correlationId);
|
|
1898
1760
|
}
|
|
1899
1761
|
else {
|
|
1900
|
-
this.logger.error(message);
|
|
1762
|
+
this.logger.error(message, correlationId);
|
|
1901
1763
|
}
|
|
1902
1764
|
break;
|
|
1903
1765
|
case msalNodeRuntime.LogLevel.Fatal:
|
|
1904
1766
|
if (containsPii) {
|
|
1905
|
-
this.logger.errorPii(message);
|
|
1767
|
+
this.logger.errorPii(message, correlationId);
|
|
1906
1768
|
}
|
|
1907
1769
|
else {
|
|
1908
|
-
this.logger.error(message);
|
|
1770
|
+
this.logger.error(message, correlationId);
|
|
1909
1771
|
}
|
|
1910
1772
|
break;
|
|
1911
1773
|
default:
|
|
1912
1774
|
if (containsPii) {
|
|
1913
|
-
this.logger.infoPii(message);
|
|
1775
|
+
this.logger.infoPii(message, correlationId);
|
|
1914
1776
|
}
|
|
1915
1777
|
else {
|
|
1916
|
-
this.logger.info(message);
|
|
1778
|
+
this.logger.info(message, correlationId);
|
|
1917
1779
|
}
|
|
1918
1780
|
break;
|
|
1919
1781
|
}
|
|
@@ -2037,8 +1899,7 @@ class NativeBrokerPlugin {
|
|
|
2037
1899
|
case PromptValue.SELECT_ACCOUNT:
|
|
2038
1900
|
case PromptValue.CREATE:
|
|
2039
1901
|
this.logger.info("Calling native interop SignInInteractively API", platformRequest.correlationId);
|
|
2040
|
-
const loginHint = platformRequest.loginHint ||
|
|
2041
|
-
Constants.EMPTY_STRING;
|
|
1902
|
+
const loginHint = platformRequest.loginHint || "";
|
|
2042
1903
|
msalNodeRuntime.msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
|
|
2043
1904
|
break;
|
|
2044
1905
|
case PromptValue.NONE:
|
|
@@ -2058,8 +1919,7 @@ class NativeBrokerPlugin {
|
|
|
2058
1919
|
}
|
|
2059
1920
|
else {
|
|
2060
1921
|
this.logger.info("Calling native interop SignIn API", platformRequest.correlationId);
|
|
2061
|
-
const loginHint = platformRequest.loginHint ||
|
|
2062
|
-
Constants.EMPTY_STRING;
|
|
1922
|
+
const loginHint = platformRequest.loginHint || "";
|
|
2063
1923
|
msalNodeRuntime.msalNodeRuntime.SignInAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
|
|
2064
1924
|
}
|
|
2065
1925
|
break;
|
|
@@ -2148,7 +2008,8 @@ class NativeBrokerPlugin {
|
|
|
2148
2008
|
if (request.claims) {
|
|
2149
2009
|
authParams.SetDecodedClaims(request.claims);
|
|
2150
2010
|
}
|
|
2151
|
-
if (request.authenticationScheme ===
|
|
2011
|
+
if (request.authenticationScheme ===
|
|
2012
|
+
AuthenticationScheme.POP) {
|
|
2152
2013
|
if (!request.resourceRequestMethod ||
|
|
2153
2014
|
!request.resourceRequestUri) {
|
|
2154
2015
|
throw new Error("Authentication Scheme set to POP but one or more of the following parameters are missing: resourceRequestMethod, resourceRequestUri");
|
|
@@ -2239,12 +2100,12 @@ class NativeBrokerPlugin {
|
|
|
2239
2100
|
expiresOn: toDateFromSeconds(authResult.expiresOn),
|
|
2240
2101
|
tokenType: tokenType,
|
|
2241
2102
|
correlationId: request.correlationId,
|
|
2242
|
-
|
|
2103
|
+
fromPlatformBroker: true,
|
|
2243
2104
|
};
|
|
2244
2105
|
return result;
|
|
2245
2106
|
}
|
|
2246
2107
|
generateAccountInfo(account, idTokenClaims) {
|
|
2247
|
-
this.logger.trace("NativeBrokerPlugin - generateAccountInfo called");
|
|
2108
|
+
this.logger.trace("NativeBrokerPlugin - generateAccountInfo called", "");
|
|
2248
2109
|
const accountInfo = {
|
|
2249
2110
|
homeAccountId: account.homeAccountId,
|
|
2250
2111
|
environment: account.environment,
|
|
@@ -2280,7 +2141,7 @@ class NativeBrokerPlugin {
|
|
|
2280
2141
|
wrappedError = createClientAuthError(noNetworkConnectivity);
|
|
2281
2142
|
break;
|
|
2282
2143
|
case msalNodeRuntime.ErrorStatus.ServerTemporarilyUnavailable:
|
|
2283
|
-
wrappedError = new ServerError(ErrorCodes.SERVER_UNAVAILABLE,
|
|
2144
|
+
wrappedError = new ServerError(ErrorCodes.SERVER_UNAVAILABLE, msalNodeRuntimeError.message);
|
|
2284
2145
|
break;
|
|
2285
2146
|
case msalNodeRuntime.ErrorStatus.UserCanceled:
|
|
2286
2147
|
wrappedError = createClientAuthError(userCanceled);
|