@azure/msal-node-extensions 5.2.2 → 5.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/arm64/dpapi.node +0 -0
- package/bin/ia32/dpapi.node +0 -0
- package/bin/x64/dpapi.node +0 -0
- package/dist/Dpapi.mjs +1 -1
- package/dist/broker/NativeBrokerPlugin.mjs +1 -1
- package/dist/error/PersistenceError.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
- package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/AuthError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
- package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
- package/dist/lib/msal-common/dist/logger/Logger.mjs +3 -3
- package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
- package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +27 -22
- package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/lib/msal-common/dist/utils/Constants.mjs +2 -2
- package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
- package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
- package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/lock/CrossPlatformLock.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/persistence/BasePersistence.mjs +1 -1
- package/dist/persistence/DataProtectionScope.mjs +1 -1
- package/dist/persistence/FilePersistence.mjs +33 -6
- package/dist/persistence/FilePersistence.mjs.map +1 -1
- package/dist/persistence/FilePersistenceWithDataProtection.mjs +1 -1
- package/dist/persistence/KeychainPersistence.mjs +1 -1
- package/dist/persistence/LibSecretPersistence.mjs +1 -1
- package/dist/persistence/PersistenceCachePlugin.mjs +1 -1
- package/dist/persistence/PersistenceCreator.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/Environment.mjs +1 -1
- package/dist/utils/TypeGuards.mjs +1 -1
- package/lib/msal-node-extensions.cjs +72 -40
- package/lib/msal-node-extensions.cjs.map +1 -1
- package/package.json +2 -2
- package/types/packageMetadata.d.ts +1 -1
- package/types/persistence/FilePersistence.d.ts +0 -7
- package/types/persistence/FilePersistence.d.ts.map +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Constants.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/Constants.mjs"],"sourcesContent":["/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst SKU = \"msal.js.common\";\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common/\";\r\nconst DEFAULT_AUTHORITY_HOST = \"login.microsoftonline.com\";\r\nconst DEFAULT_COMMON_TENANT = \"common\";\r\n// ADFS String\r\nconst ADFS = \"adfs\";\r\nconst DSTS = \"dstsv2\";\r\n// Default AAD Instance Discovery Endpoint\r\nconst AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`;\r\n// CIAM URL\r\nconst CIAM_AUTH_URL = \".ciamlogin.com\";\r\nconst AAD_TENANT_DOMAIN_SUFFIX = \".onmicrosoft.com\";\r\n// Resource delimiter - used for certain cache entries\r\nconst RESOURCE_DELIM = \"|\";\r\n// Consumer UTID\r\nconst CONSUMER_UTID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\r\n// Default scopes\r\nconst OPENID_SCOPE = \"openid\";\r\nconst PROFILE_SCOPE = \"profile\";\r\nconst OFFLINE_ACCESS_SCOPE = \"offline_access\";\r\nconst EMAIL_SCOPE = \"email\";\r\nconst CODE_GRANT_TYPE = \"authorization_code\";\r\nconst S256_CODE_CHALLENGE_METHOD = \"S256\";\r\nconst URL_FORM_CONTENT_TYPE = \"application/x-www-form-urlencoded;charset=utf-8\";\r\nconst AUTHORIZATION_PENDING = \"authorization_pending\";\r\nconst NOT_APPLICABLE = \"N/A\";\r\nconst NOT_AVAILABLE = \"Not Available\";\r\nconst FORWARD_SLASH = \"/\";\r\nconst IMDS_ENDPOINT = \"http://169.254.169.254/metadata/instance/compute/location\";\r\nconst IMDS_VERSION = \"2020-06-01\";\r\nconst IMDS_TIMEOUT = 2000;\r\nconst AZURE_REGION_AUTO_DISCOVER_FLAG = \"TryAutoDetect\";\r\nconst REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = \"login.microsoft.com\";\r\nconst KNOWN_PUBLIC_CLOUDS = [\r\n \"login.microsoftonline.com\",\r\n \"login.windows.net\",\r\n \"login.microsoft.com\",\r\n \"sts.windows.net\",\r\n];\r\nconst SHR_NONCE_VALIDITY = 240;\r\nconst INVALID_INSTANCE = \"invalid_instance\";\r\nconst HTTP_SUCCESS = 200;\r\nconst HTTP_SUCCESS_RANGE_START = 200;\r\nconst HTTP_SUCCESS_RANGE_END = 299;\r\nconst HTTP_REDIRECT = 302;\r\nconst HTTP_CLIENT_ERROR = 400;\r\nconst HTTP_CLIENT_ERROR_RANGE_START = 400;\r\nconst HTTP_BAD_REQUEST = 400;\r\nconst HTTP_UNAUTHORIZED = 401;\r\nconst HTTP_NOT_FOUND = 404;\r\nconst HTTP_REQUEST_TIMEOUT = 408;\r\nconst HTTP_GONE = 410;\r\nconst HTTP_TOO_MANY_REQUESTS = 429;\r\nconst HTTP_CLIENT_ERROR_RANGE_END = 499;\r\nconst HTTP_SERVER_ERROR = 500;\r\nconst HTTP_SERVER_ERROR_RANGE_START = 500;\r\nconst HTTP_SERVICE_UNAVAILABLE = 503;\r\nconst HTTP_GATEWAY_TIMEOUT = 504;\r\nconst HTTP_SERVER_ERROR_RANGE_END = 599;\r\nconst HTTP_MULTI_SIDED_ERROR = 600;\r\nconst HttpMethod = {\r\n GET: \"GET\",\r\n POST: \"POST\",\r\n};\r\nconst OIDC_DEFAULT_SCOPES = [\r\n OPENID_SCOPE,\r\n PROFILE_SCOPE,\r\n OFFLINE_ACCESS_SCOPE,\r\n];\r\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE];\r\n/**\r\n * Request header names\r\n */\r\nconst HeaderNames = {\r\n CONTENT_TYPE: \"Content-Type\",\r\n CONTENT_LENGTH: \"Content-Length\",\r\n RETRY_AFTER: \"Retry-After\",\r\n CCS_HEADER: \"X-AnchorMailbox\",\r\n WWWAuthenticate: \"WWW-Authenticate\",\r\n AuthenticationInfo: \"Authentication-Info\",\r\n X_MS_REQUEST_ID: \"x-ms-request-id\",\r\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\r\n};\r\n/**\r\n * Persistent cache keys MSAL which stay while user is logged in.\r\n */\r\nconst PersistentCacheKeys = {\r\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\r\n};\r\n/**\r\n * String constants related to AAD Authority\r\n */\r\nconst AADAuthority = {\r\n COMMON: \"common\",\r\n ORGANIZATIONS: \"organizations\",\r\n CONSUMERS: \"consumers\",\r\n};\r\n/**\r\n * Claims request keys\r\n */\r\nconst ClaimsRequestKeys = {\r\n ACCESS_TOKEN: \"access_token\",\r\n XMS_CC: \"xms_cc\",\r\n};\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n */\r\nconst PromptValue = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\",\r\n CREATE: \"create\",\r\n NO_SESSION: \"no_session\",\r\n};\r\n/**\r\n * allowed values for codeVerifier\r\n */\r\nconst CodeChallengeMethodValues = {\r\n PLAIN: \"plain\",\r\n S256: \"S256\",\r\n};\r\n/**\r\n * Allowed values for response_type\r\n */\r\nconst OAuthResponseType = {\r\n CODE: \"code\",\r\n IDTOKEN_TOKEN: \"id_token token\",\r\n IDTOKEN_TOKEN_REFRESHTOKEN: \"id_token token refresh_token\",\r\n};\r\n/**\r\n * allowed values for response_mode\r\n */\r\nconst ResponseMode = {\r\n QUERY: \"query\",\r\n FRAGMENT: \"fragment\",\r\n FORM_POST: \"form_post\",\r\n};\r\n/**\r\n * allowed grant_type\r\n */\r\nconst GrantType = {\r\n IMPLICIT_GRANT: \"implicit\",\r\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\r\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\r\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\r\n REFRESH_TOKEN_GRANT: \"refresh_token\",\r\n DEVICE_CODE_GRANT: \"device_code\",\r\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\r\n};\r\n/**\r\n * Account types in Cache\r\n */\r\nconst CACHE_ACCOUNT_TYPE_MSSTS = \"MSSTS\";\r\nconst CACHE_ACCOUNT_TYPE_ADFS = \"ADFS\";\r\nconst CACHE_ACCOUNT_TYPE_MSAV1 = \"MSA\";\r\nconst CACHE_ACCOUNT_TYPE_GENERIC = \"Generic\";\r\n/**\r\n * Separators used in cache\r\n */\r\nconst CACHE_KEY_SEPARATOR = \"-\";\r\nconst CLIENT_INFO_SEPARATOR = \".\";\r\n/**\r\n * Credential Type stored in the cache\r\n */\r\nconst CredentialType = {\r\n ID_TOKEN: \"IdToken\",\r\n ACCESS_TOKEN: \"AccessToken\",\r\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\r\n REFRESH_TOKEN: \"RefreshToken\",\r\n};\r\n/**\r\n * Combine all cache types\r\n */\r\nconst CacheType = {\r\n ADFS: 1001,\r\n MSA: 1002,\r\n MSSTS: 1003,\r\n GENERIC: 1004,\r\n ACCESS_TOKEN: 2001,\r\n REFRESH_TOKEN: 2002,\r\n ID_TOKEN: 2003,\r\n APP_METADATA: 3001,\r\n UNDEFINED: 9999,\r\n};\r\n/**\r\n * More Cache related constants\r\n */\r\nconst APP_METADATA = \"appmetadata\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst THE_FAMILY_ID = \"1\";\r\nconst AUTHORITY_METADATA_CACHE_KEY = \"authority-metadata\";\r\nconst AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours\r\nconst AuthorityMetadataSource = {\r\n CONFIG: \"config\",\r\n CACHE: \"cache\",\r\n NETWORK: \"network\",\r\n HARDCODED_VALUES: \"hardcoded_values\",\r\n};\r\nconst SERVER_TELEM_SCHEMA_VERSION = 5;\r\nconst SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer\r\nconst SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,\r\nconst SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains\r\nconst SERVER_TELEM_CACHE_KEY = \"server-telemetry\";\r\nconst SERVER_TELEM_CATEGORY_SEPARATOR = \"|\";\r\nconst SERVER_TELEM_VALUE_SEPARATOR = \",\";\r\nconst SERVER_TELEM_OVERFLOW_TRUE = \"1\";\r\nconst SERVER_TELEM_OVERFLOW_FALSE = \"0\";\r\nconst SERVER_TELEM_UNKNOWN_ERROR = \"unknown_error\";\r\n/**\r\n * Type of the authentication request\r\n */\r\nconst AuthenticationScheme = {\r\n BEARER: \"Bearer\",\r\n POP: \"pop\",\r\n SSH: \"ssh-cert\",\r\n};\r\n/**\r\n * Constants related to throttling\r\n */\r\nconst DEFAULT_THROTTLE_TIME_SECONDS = 60;\r\n// Default maximum time to throttle in seconds, overrides what the server sends back\r\nconst DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600;\r\n// Prefix for storing throttling entries\r\nconst THROTTLING_PREFIX = \"throttling\";\r\n// Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\r\nconst X_MS_LIB_CAPABILITY_VALUE = \"retry-after, h429\";\r\n/**\r\n * Errors\r\n */\r\nconst INVALID_GRANT_ERROR = \"invalid_grant\";\r\nconst CLIENT_MISMATCH_ERROR = \"client_mismatch\";\r\n/**\r\n * Password grant parameters\r\n */\r\nconst PasswordGrantConstants = {\r\n username: \"username\",\r\n password: \"password\",\r\n};\r\n/**\r\n * Region Discovery Sources\r\n */\r\nconst RegionDiscoverySources = {\r\n FAILED_AUTO_DETECTION: \"1\",\r\n INTERNAL_CACHE: \"2\",\r\n ENVIRONMENT_VARIABLE: \"3\",\r\n IMDS: \"4\",\r\n};\r\n/**\r\n * Region Discovery Outcomes\r\n */\r\nconst RegionDiscoveryOutcomes = {\r\n CONFIGURED_MATCHES_DETECTED: \"1\",\r\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\r\n CONFIGURED_NOT_DETECTED: \"3\",\r\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\r\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\r\n};\r\n/**\r\n * Specifies the reason for fetching the access token from the identity provider\r\n */\r\nconst CacheOutcome = {\r\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\r\n NOT_APPLICABLE: \"0\",\r\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\r\n FORCE_REFRESH_OR_CLAIMS: \"1\",\r\n // When the token request goes to the identity provider because no cached access token exists\r\n NO_CACHED_ACCESS_TOKEN: \"2\",\r\n // When the token request goes to the identity provider because cached access token expired\r\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\r\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\r\n PROACTIVELY_REFRESHED: \"4\",\r\n};\r\nconst JsonWebTokenTypes = {\r\n Jwt: \"JWT\",\r\n Jwk: \"JWK\",\r\n Pop: \"pop\",\r\n};\r\nconst ONE_DAY_IN_MS = 86400000;\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nconst EncodingTypes = {\r\n BASE64: \"base64\",\r\n HEX: \"hex\",\r\n UTF8: \"utf-8\",\r\n};\n\nexport { AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX, ADFS, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme, AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR, CIAM_AUTH_URL, CLIENT_INFO, CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE, CONSUMER_UTID, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, CredentialType, DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS, EMAIL_SCOPE, EncodingTypes, FORWARD_SLASH, GrantType, HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND, HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED, HeaderNames, HttpMethod, IMDS_ENDPOINT, IMDS_TIMEOUT, IMDS_VERSION, INVALID_GRANT_ERROR, INVALID_INSTANCE, JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE, NOT_AVAILABLE, OAuthResponseType, OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, OPENID_SCOPE, PROFILE_SCOPE, PasswordGrantConstants, PersistentCacheKeys, PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseMode, S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY, SKU, THE_FAMILY_ID, THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE };\n//# sourceMappingURL=Constants.mjs.map\n"],"names":[],"mappings":";;AAAA;AA+GA;AACA;AACA;AACA;AACA;AACK,MAAC,WAAW,GAAG;AACpB,IAAI,KAAK,EAAE,OAAO;AAClB,IAAI,cAAc,EAAE,gBAAgB;AACpC,IACI,IAAI,EAAE,MAAM;AAChB,IAAI,MAAM,EAAE,QAEZ,EAAE;AA2CF;AACA;AACA;AACK,MAAC,mBAAmB,GAAG,IAAI;AAuC3B,MAAC,2BAA2B,GAAG,EAAE;AAEjC,MAAC,kCAAkC,GAAG,IAAI;AAC1C,MAAC,8BAA8B,GAAG,GAAG;AACrC,MAAC,sBAAsB,GAAG,mBAAmB;AAC7C,MAAC,+BAA+B,GAAG,IAAI;AACvC,MAAC,4BAA4B,GAAG,IAAI;AACpC,MAAC,0BAA0B,GAAG,IAAI;AAClC,MAAC,2BAA2B,GAAG,IAAI;AACnC,MAAC,0BAA0B,GAAG,gBAAgB;AACnD;AACA;AACA;AACK,MAAC,oBAAoB,GAAG;AAC7B,IAAI,MAAM,EAAE,QAAQ;AACpB,IAAI,GAAG,EAAE,KAET,EAAE;AA0CF;AACA;AACA;AACK,MAAC,YAAY,GAAG;AACrB;AACA,IAAI,cAAc,EAAE,GASpB;;;;"}
|
|
1
|
+
{"version":3,"file":"Constants.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/Constants.mjs"],"sourcesContent":["/*! @azure/msal-common v16.8.0 2026-06-10 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst SKU = \"msal.js.common\";\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common/\";\r\nconst DEFAULT_AUTHORITY_HOST = \"login.microsoftonline.com\";\r\nconst DEFAULT_COMMON_TENANT = \"common\";\r\n// ADFS String\r\nconst ADFS = \"adfs\";\r\nconst DSTS = \"dstsv2\";\r\n// Default AAD Instance Discovery Endpoint\r\nconst AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`;\r\n// CIAM URL\r\nconst CIAM_AUTH_URL = \".ciamlogin.com\";\r\nconst AAD_TENANT_DOMAIN_SUFFIX = \".onmicrosoft.com\";\r\n// Resource delimiter - used for certain cache entries\r\nconst RESOURCE_DELIM = \"|\";\r\n// Consumer UTID\r\nconst CONSUMER_UTID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\r\n// Default scopes\r\nconst OPENID_SCOPE = \"openid\";\r\nconst PROFILE_SCOPE = \"profile\";\r\nconst OFFLINE_ACCESS_SCOPE = \"offline_access\";\r\nconst EMAIL_SCOPE = \"email\";\r\nconst CODE_GRANT_TYPE = \"authorization_code\";\r\nconst S256_CODE_CHALLENGE_METHOD = \"S256\";\r\nconst URL_FORM_CONTENT_TYPE = \"application/x-www-form-urlencoded;charset=utf-8\";\r\nconst AUTHORIZATION_PENDING = \"authorization_pending\";\r\nconst NOT_APPLICABLE = \"N/A\";\r\nconst NOT_AVAILABLE = \"Not Available\";\r\nconst FORWARD_SLASH = \"/\";\r\nconst IMDS_ENDPOINT = \"http://169.254.169.254/metadata/instance/compute/location\";\r\nconst IMDS_VERSION = \"2020-06-01\";\r\nconst IMDS_TIMEOUT = 2000;\r\nconst AZURE_REGION_AUTO_DISCOVER_FLAG = \"TryAutoDetect\";\r\nconst REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = \"login.microsoft.com\";\r\nconst KNOWN_PUBLIC_CLOUDS = [\r\n \"login.microsoftonline.com\",\r\n \"login.windows.net\",\r\n \"login.microsoft.com\",\r\n \"sts.windows.net\",\r\n];\r\nconst SHR_NONCE_VALIDITY = 240;\r\nconst INVALID_INSTANCE = \"invalid_instance\";\r\nconst HTTP_SUCCESS = 200;\r\nconst HTTP_SUCCESS_RANGE_START = 200;\r\nconst HTTP_SUCCESS_RANGE_END = 299;\r\nconst HTTP_REDIRECT = 302;\r\nconst HTTP_CLIENT_ERROR = 400;\r\nconst HTTP_CLIENT_ERROR_RANGE_START = 400;\r\nconst HTTP_BAD_REQUEST = 400;\r\nconst HTTP_UNAUTHORIZED = 401;\r\nconst HTTP_NOT_FOUND = 404;\r\nconst HTTP_REQUEST_TIMEOUT = 408;\r\nconst HTTP_GONE = 410;\r\nconst HTTP_TOO_MANY_REQUESTS = 429;\r\nconst HTTP_CLIENT_ERROR_RANGE_END = 499;\r\nconst HTTP_SERVER_ERROR = 500;\r\nconst HTTP_SERVER_ERROR_RANGE_START = 500;\r\nconst HTTP_SERVICE_UNAVAILABLE = 503;\r\nconst HTTP_GATEWAY_TIMEOUT = 504;\r\nconst HTTP_SERVER_ERROR_RANGE_END = 599;\r\nconst HTTP_MULTI_SIDED_ERROR = 600;\r\nconst HttpMethod = {\r\n GET: \"GET\",\r\n POST: \"POST\",\r\n};\r\nconst OIDC_DEFAULT_SCOPES = [\r\n OPENID_SCOPE,\r\n PROFILE_SCOPE,\r\n OFFLINE_ACCESS_SCOPE,\r\n];\r\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE];\r\n/**\r\n * Request header names\r\n */\r\nconst HeaderNames = {\r\n CONTENT_TYPE: \"Content-Type\",\r\n CONTENT_LENGTH: \"Content-Length\",\r\n RETRY_AFTER: \"Retry-After\",\r\n CCS_HEADER: \"X-AnchorMailbox\",\r\n WWWAuthenticate: \"WWW-Authenticate\",\r\n AuthenticationInfo: \"Authentication-Info\",\r\n X_MS_REQUEST_ID: \"x-ms-request-id\",\r\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\r\n};\r\n/**\r\n * Persistent cache keys MSAL which stay while user is logged in.\r\n */\r\nconst PersistentCacheKeys = {\r\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\r\n};\r\n/**\r\n * String constants related to AAD Authority\r\n */\r\nconst AADAuthority = {\r\n COMMON: \"common\",\r\n ORGANIZATIONS: \"organizations\",\r\n CONSUMERS: \"consumers\",\r\n};\r\n/**\r\n * Claims request keys\r\n */\r\nconst ClaimsRequestKeys = {\r\n ACCESS_TOKEN: \"access_token\",\r\n XMS_CC: \"xms_cc\",\r\n};\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n */\r\nconst PromptValue = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\",\r\n CREATE: \"create\",\r\n NO_SESSION: \"no_session\",\r\n};\r\n/**\r\n * allowed values for codeVerifier\r\n */\r\nconst CodeChallengeMethodValues = {\r\n PLAIN: \"plain\",\r\n S256: \"S256\",\r\n};\r\n/**\r\n * Allowed values for response_type\r\n */\r\nconst OAuthResponseType = {\r\n CODE: \"code\",\r\n IDTOKEN_TOKEN: \"id_token token\",\r\n IDTOKEN_TOKEN_REFRESHTOKEN: \"id_token token refresh_token\",\r\n};\r\n/**\r\n * allowed values for response_mode\r\n */\r\nconst ResponseMode = {\r\n QUERY: \"query\",\r\n FRAGMENT: \"fragment\",\r\n FORM_POST: \"form_post\",\r\n};\r\n/**\r\n * allowed grant_type\r\n */\r\nconst GrantType = {\r\n IMPLICIT_GRANT: \"implicit\",\r\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\r\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\r\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\r\n REFRESH_TOKEN_GRANT: \"refresh_token\",\r\n DEVICE_CODE_GRANT: \"device_code\",\r\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\r\n};\r\n/**\r\n * Account types in Cache\r\n */\r\nconst CACHE_ACCOUNT_TYPE_MSSTS = \"MSSTS\";\r\nconst CACHE_ACCOUNT_TYPE_ADFS = \"ADFS\";\r\nconst CACHE_ACCOUNT_TYPE_MSAV1 = \"MSA\";\r\nconst CACHE_ACCOUNT_TYPE_GENERIC = \"Generic\";\r\n/**\r\n * Separators used in cache\r\n */\r\nconst CACHE_KEY_SEPARATOR = \"-\";\r\nconst CLIENT_INFO_SEPARATOR = \".\";\r\n/**\r\n * Credential Type stored in the cache\r\n */\r\nconst CredentialType = {\r\n ID_TOKEN: \"IdToken\",\r\n ACCESS_TOKEN: \"AccessToken\",\r\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\r\n REFRESH_TOKEN: \"RefreshToken\",\r\n};\r\n/**\r\n * Combine all cache types\r\n */\r\nconst CacheType = {\r\n ADFS: 1001,\r\n MSA: 1002,\r\n MSSTS: 1003,\r\n GENERIC: 1004,\r\n ACCESS_TOKEN: 2001,\r\n REFRESH_TOKEN: 2002,\r\n ID_TOKEN: 2003,\r\n APP_METADATA: 3001,\r\n UNDEFINED: 9999,\r\n};\r\n/**\r\n * More Cache related constants\r\n */\r\nconst APP_METADATA = \"appmetadata\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst THE_FAMILY_ID = \"1\";\r\nconst AUTHORITY_METADATA_CACHE_KEY = \"authority-metadata\";\r\nconst AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours\r\nconst AuthorityMetadataSource = {\r\n CONFIG: \"config\",\r\n CACHE: \"cache\",\r\n NETWORK: \"network\",\r\n HARDCODED_VALUES: \"hardcoded_values\",\r\n};\r\nconst SERVER_TELEM_SCHEMA_VERSION = 5;\r\nconst SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer\r\nconst SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,\r\nconst SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains\r\nconst SERVER_TELEM_CACHE_KEY = \"server-telemetry\";\r\nconst SERVER_TELEM_CATEGORY_SEPARATOR = \"|\";\r\nconst SERVER_TELEM_VALUE_SEPARATOR = \",\";\r\nconst SERVER_TELEM_OVERFLOW_TRUE = \"1\";\r\nconst SERVER_TELEM_OVERFLOW_FALSE = \"0\";\r\nconst SERVER_TELEM_UNKNOWN_ERROR = \"unknown_error\";\r\n/**\r\n * Type of the authentication request\r\n */\r\nconst AuthenticationScheme = {\r\n BEARER: \"Bearer\",\r\n POP: \"pop\",\r\n SSH: \"ssh-cert\",\r\n};\r\n/**\r\n * Constants related to throttling\r\n */\r\nconst DEFAULT_THROTTLE_TIME_SECONDS = 60;\r\n// Default maximum time to throttle in seconds, overrides what the server sends back\r\nconst DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600;\r\n// Prefix for storing throttling entries\r\nconst THROTTLING_PREFIX = \"throttling\";\r\n// Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\r\nconst X_MS_LIB_CAPABILITY_VALUE = \"retry-after, h429\";\r\n/**\r\n * Errors\r\n */\r\nconst INVALID_GRANT_ERROR = \"invalid_grant\";\r\nconst CLIENT_MISMATCH_ERROR = \"client_mismatch\";\r\n/**\r\n * Password grant parameters\r\n */\r\nconst PasswordGrantConstants = {\r\n username: \"username\",\r\n password: \"password\",\r\n};\r\n/**\r\n * Region Discovery Sources\r\n */\r\nconst RegionDiscoverySources = {\r\n FAILED_AUTO_DETECTION: \"1\",\r\n INTERNAL_CACHE: \"2\",\r\n ENVIRONMENT_VARIABLE: \"3\",\r\n IMDS: \"4\",\r\n};\r\n/**\r\n * Region Discovery Outcomes\r\n */\r\nconst RegionDiscoveryOutcomes = {\r\n CONFIGURED_MATCHES_DETECTED: \"1\",\r\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\r\n CONFIGURED_NOT_DETECTED: \"3\",\r\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\r\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\r\n};\r\n/**\r\n * Specifies the reason for fetching the access token from the identity provider\r\n */\r\nconst CacheOutcome = {\r\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\r\n NOT_APPLICABLE: \"0\",\r\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\r\n FORCE_REFRESH_OR_CLAIMS: \"1\",\r\n // When the token request goes to the identity provider because no cached access token exists\r\n NO_CACHED_ACCESS_TOKEN: \"2\",\r\n // When the token request goes to the identity provider because cached access token expired\r\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\r\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\r\n PROACTIVELY_REFRESHED: \"4\",\r\n};\r\nconst JsonWebTokenTypes = {\r\n Jwt: \"JWT\",\r\n Jwk: \"JWK\",\r\n Pop: \"pop\",\r\n};\r\nconst ONE_DAY_IN_MS = 86400000;\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nconst EncodingTypes = {\r\n BASE64: \"base64\",\r\n HEX: \"hex\",\r\n UTF8: \"utf-8\",\r\n};\n\nexport { AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX, ADFS, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme, AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR, CIAM_AUTH_URL, CLIENT_INFO, CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE, CONSUMER_UTID, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, CredentialType, DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS, EMAIL_SCOPE, EncodingTypes, FORWARD_SLASH, GrantType, HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND, HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED, HeaderNames, HttpMethod, IMDS_ENDPOINT, IMDS_TIMEOUT, IMDS_VERSION, INVALID_GRANT_ERROR, INVALID_INSTANCE, JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE, NOT_AVAILABLE, OAuthResponseType, OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, OPENID_SCOPE, PROFILE_SCOPE, PasswordGrantConstants, PersistentCacheKeys, PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseMode, S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY, SKU, THE_FAMILY_ID, THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE };\n//# sourceMappingURL=Constants.mjs.map\n"],"names":[],"mappings":";;AAAA;AA+GA;AACA;AACA;AACA;AACA;AACK,MAAC,WAAW,GAAG;AACpB,IAAI,KAAK,EAAE,OAAO;AAClB,IAAI,cAAc,EAAE,gBAAgB;AACpC,IACI,IAAI,EAAE,MAAM;AAChB,IAAI,MAAM,EAAE,QAEZ,EAAE;AA2CF;AACA;AACA;AACK,MAAC,mBAAmB,GAAG,IAAI;AAuC3B,MAAC,2BAA2B,GAAG,EAAE;AAEjC,MAAC,kCAAkC,GAAG,IAAI;AAC1C,MAAC,8BAA8B,GAAG,GAAG;AACrC,MAAC,sBAAsB,GAAG,mBAAmB;AAC7C,MAAC,+BAA+B,GAAG,IAAI;AACvC,MAAC,4BAA4B,GAAG,IAAI;AACpC,MAAC,0BAA0B,GAAG,IAAI;AAClC,MAAC,2BAA2B,GAAG,IAAI;AACnC,MAAC,0BAA0B,GAAG,gBAAgB;AACnD;AACA;AACA;AACK,MAAC,oBAAoB,GAAG;AAC7B,IAAI,MAAM,EAAE,QAAQ;AACpB,IAAI,GAAG,EAAE,KAET,EAAE;AA0CF;AACA;AACA;AACK,MAAC,YAAY,GAAG;AACrB;AACA,IAAI,cAAc,EAAE,GASpB;;;;"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions v5.2.
|
|
1
|
+
/*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
|
-
/*! @azure/msal-common v16.
|
|
3
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4
4
|
/**
|
|
5
5
|
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
6
6
|
* @param seconds
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TimeUtils.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/TimeUtils.mjs"],"sourcesContent":["/*! @azure/msal-common v16.
|
|
1
|
+
{"version":3,"file":"TimeUtils.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/TimeUtils.mjs"],"sourcesContent":["/*! @azure/msal-common v16.8.0 2026-06-10 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Utility functions for managing date and time operations.\r\n */\r\n/**\r\n * return the current time in Unix time (seconds).\r\n */\r\nfunction nowSeconds() {\r\n // Date.getTime() returns in milliseconds.\r\n return Math.round(new Date().getTime() / 1000.0);\r\n}\r\n/**\r\n * Converts JS Date object to seconds\r\n * @param date Date\r\n */\r\nfunction toSecondsFromDate(date) {\r\n // Convert date to seconds\r\n return date.getTime() / 1000;\r\n}\r\n/**\r\n * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).\r\n * @param seconds\r\n */\r\nfunction toDateFromSeconds(seconds) {\r\n if (seconds) {\r\n return new Date(Number(seconds) * 1000);\r\n }\r\n return new Date();\r\n}\r\n/**\r\n * check if a token is expired based on given UTC time in seconds.\r\n * @param expiresOn\r\n */\r\nfunction isTokenExpired(expiresOn, offset) {\r\n // check for access token expiry\r\n const expirationSec = Number(expiresOn) || 0;\r\n const offsetCurrentTimeSec = nowSeconds() + offset;\r\n // If current time + offset is greater than token expiration time, then token is expired.\r\n return offsetCurrentTimeSec > expirationSec;\r\n}\r\n/**\r\n * Checks if a cache entry is expired based on the last updated time and cache retention days.\r\n * @param lastUpdatedAt\r\n * @param cacheRetentionDays\r\n * @returns\r\n */\r\nfunction isCacheExpired(lastUpdatedAt, cacheRetentionDays) {\r\n const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;\r\n return Date.now() > cacheExpirationTimestamp;\r\n}\r\n/**\r\n * If the current time is earlier than the time that a token was cached at, we must discard the token\r\n * i.e. The system clock was turned back after acquiring the cached token\r\n * @param cachedAt\r\n * @param offset\r\n */\r\nfunction wasClockTurnedBack(cachedAt) {\r\n const cachedAtSec = Number(cachedAt);\r\n return cachedAtSec > nowSeconds();\r\n}\r\n/**\r\n * Waits for t number of milliseconds\r\n * @param t number\r\n * @param value T\r\n */\r\nfunction delay(t, value) {\r\n return new Promise((resolve) => setTimeout(() => resolve(value), t));\r\n}\n\nexport { delay, isCacheExpired, isTokenExpired, nowSeconds, toDateFromSeconds, toSecondsFromDate, wasClockTurnedBack };\n//# sourceMappingURL=TimeUtils.mjs.map\n"],"names":[],"mappings":";;AAAA;AAwBA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE;AACpC,IAAI,IAAI,OAAO,EAAE;AACjB,QAAQ,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;AAChD,KAAK;AACL,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;AACtB;;;;"}
|
package/dist/packageMetadata.mjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions v5.2.
|
|
1
|
+
/*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
/* eslint-disable header/header */
|
|
4
4
|
const name = "@azure/msal-node-extensions";
|
|
5
|
-
const version = "5.2.
|
|
5
|
+
const version = "5.2.4";
|
|
6
6
|
|
|
7
7
|
export { name, version };
|
|
8
8
|
//# sourceMappingURL=packageMetadata.mjs.map
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions v5.2.
|
|
1
|
+
/*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { promises } from 'fs';
|
|
4
4
|
import { dirname } from 'path';
|
|
5
|
-
import {
|
|
5
|
+
import { Constants, ErrorCodes } from '../utils/Constants.mjs';
|
|
6
6
|
import { PersistenceError } from '../error/PersistenceError.mjs';
|
|
7
7
|
import { BasePersistence } from './BasePersistence.mjs';
|
|
8
8
|
import { isNodeError } from '../utils/TypeGuards.mjs';
|
|
@@ -19,6 +19,10 @@ import { Logger, LogLevel } from '../lib/msal-common/dist/logger/Logger.mjs';
|
|
|
19
19
|
* If file or directory has not been created, it FilePersistence.create() will create
|
|
20
20
|
* file and any directories in the path recursively.
|
|
21
21
|
*/
|
|
22
|
+
/** Owner read/write only (0o600) */
|
|
23
|
+
const FILE_MODE = 0o600;
|
|
24
|
+
/** Owner read/write/execute only (0o700) */
|
|
25
|
+
const DIR_MODE = 0o700;
|
|
22
26
|
class FilePersistence extends BasePersistence {
|
|
23
27
|
constructor(fileLocation, loggerOptions) {
|
|
24
28
|
super();
|
|
@@ -32,7 +36,17 @@ class FilePersistence extends BasePersistence {
|
|
|
32
36
|
}
|
|
33
37
|
async save(contents) {
|
|
34
38
|
try {
|
|
35
|
-
|
|
39
|
+
// Tighten permissions before writing to close TOCTOU window on existing files
|
|
40
|
+
await promises.chmod(this.getFilePath(), FILE_MODE).catch((err) => {
|
|
41
|
+
if (!isNodeError(err) || err.code !== Constants.ENOENT_ERROR) {
|
|
42
|
+
throw err;
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
await promises.writeFile(this.getFilePath(), contents, {
|
|
46
|
+
encoding: "utf-8",
|
|
47
|
+
mode: FILE_MODE,
|
|
48
|
+
});
|
|
49
|
+
await promises.chmod(this.getFilePath(), FILE_MODE);
|
|
36
50
|
}
|
|
37
51
|
catch (err) {
|
|
38
52
|
if (isNodeError(err)) {
|
|
@@ -45,7 +59,16 @@ class FilePersistence extends BasePersistence {
|
|
|
45
59
|
}
|
|
46
60
|
async saveBuffer(contents) {
|
|
47
61
|
try {
|
|
48
|
-
|
|
62
|
+
// Tighten permissions before writing to close TOCTOU window on existing files
|
|
63
|
+
await promises.chmod(this.getFilePath(), FILE_MODE).catch((err) => {
|
|
64
|
+
if (!isNodeError(err) || err.code !== Constants.ENOENT_ERROR) {
|
|
65
|
+
throw err;
|
|
66
|
+
}
|
|
67
|
+
});
|
|
68
|
+
await promises.writeFile(this.getFilePath(), contents, {
|
|
69
|
+
mode: FILE_MODE,
|
|
70
|
+
});
|
|
71
|
+
await promises.chmod(this.getFilePath(), FILE_MODE);
|
|
49
72
|
}
|
|
50
73
|
catch (err) {
|
|
51
74
|
if (isNodeError(err)) {
|
|
@@ -145,13 +168,17 @@ class FilePersistence extends BasePersistence {
|
|
|
145
168
|
async createCacheFile() {
|
|
146
169
|
await this.createFileDirectory();
|
|
147
170
|
// File is created only if it does not exist
|
|
148
|
-
const fileHandle = await promises.open(this.filePath, "a");
|
|
171
|
+
const fileHandle = await promises.open(this.filePath, "a", FILE_MODE);
|
|
149
172
|
await fileHandle.close();
|
|
173
|
+
await promises.chmod(this.filePath, FILE_MODE);
|
|
150
174
|
this.logger.info(`File created at ${this.filePath}`, "");
|
|
151
175
|
}
|
|
152
176
|
async createFileDirectory() {
|
|
153
177
|
try {
|
|
154
|
-
await promises.mkdir(dirname(this.filePath), {
|
|
178
|
+
await promises.mkdir(dirname(this.filePath), {
|
|
179
|
+
recursive: true,
|
|
180
|
+
mode: DIR_MODE,
|
|
181
|
+
});
|
|
155
182
|
}
|
|
156
183
|
catch (err) {
|
|
157
184
|
if (isNodeError(err)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"FilePersistence.mjs","sources":["../../src/persistence/FilePersistence.ts"],"sourcesContent":[null],"names":["fs"],"mappings":";;;;;;;;;;AAAA;;;AAGG;AAWH;;;;;;AAMG;
|
|
1
|
+
{"version":3,"file":"FilePersistence.mjs","sources":["../../src/persistence/FilePersistence.ts"],"sourcesContent":[null],"names":["fs"],"mappings":";;;;;;;;;;AAAA;;;AAGG;AAWH;;;;;;AAMG;AACH;AACA,MAAM,SAAS,GAAG,KAAK,CAAC;AACxB;AACA,MAAM,QAAQ,GAAG,KAAK,CAAC;AAEjB,MAAO,eAAgB,SAAQ,eAAe,CAAA;IAIhD,WAAoB,CAAA,YAAoB,EAAE,aAA6B,EAAA;AACnE,QAAA,KAAK,EAAE,CAAC;AACR,QAAA,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CACpB,aAAa,IAAI,eAAe,CAAC,0BAA0B,EAAE,CAChE,CAAC;AACF,QAAA,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC;KAChC;AAEM,IAAA,aAAa,MAAM,CACtB,YAAoB,EACpB,aAA6B,EAAA;QAE7B,MAAM,eAAe,GAAG,IAAI,eAAe,CACvC,YAAY,EACZ,aAAa,CAChB,CAAC;AACF,QAAA,MAAM,eAAe,CAAC,eAAe,EAAE,CAAC;AACxC,QAAA,OAAO,eAAe,CAAC;KAC1B;IAEM,MAAM,IAAI,CAAC,QAAgB,EAAA;QAC9B,IAAI;;AAEA,YAAA,MAAMA,QAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,KAAI;AACxD,gBAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;AAC1D,oBAAA,MAAM,GAAG,CAAC;AACb,iBAAA;AACL,aAAC,CAAC,CAAC;YACH,MAAMA,QAAE,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE;AAC7C,gBAAA,QAAQ,EAAE,OAAO;AACjB,gBAAA,IAAI,EAAE,SAAS;AAClB,aAAA,CAAC,CAAC;YACH,MAAMA,QAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC;AACjD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;IAEM,MAAM,UAAU,CAAC,QAAoB,EAAA;QACxC,IAAI;;AAEA,YAAA,MAAMA,QAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,KAAI;AACxD,gBAAA,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;AAC1D,oBAAA,MAAM,GAAG,CAAC;AACb,iBAAA;AACL,aAAC,CAAC,CAAC;YACH,MAAMA,QAAE,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE;AAC7C,gBAAA,IAAI,EAAE,SAAS;AAClB,aAAA,CAAC,CAAC;YACH,MAAMA,QAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,CAAC,CAAC;AACjD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,IAAI,GAAA;QACb,IAAI;AACA,YAAA,OAAO,MAAMA,QAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;AACzD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,UAAU,GAAA;QACnB,IAAI;YACA,OAAO,MAAMA,QAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AAChD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,MAAM,GAAA;QACf,IAAI;YACA,MAAMA,QAAE,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AACpC,YAAA,OAAO,IAAI,CAAC;AACf,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;;oBAErC,IAAI,CAAC,MAAM,CAAC,OAAO,CACf,uDAAuD,EACvD,EAAE,CACL,CAAC;AACF,oBAAA,OAAO,KAAK,CAAC;AAChB,iBAAA;AACD,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;IAEM,WAAW,GAAA;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC;KACxB;IAEM,MAAM,eAAe,CAAC,QAAgB,EAAA;QACzC,OAAO,QAAQ,IAAI,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;KACrD;IAEM,SAAS,GAAA;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC;KACtB;IAEM,8BAA8B,GAAA;QACjC,MAAM,qBAAqB,GAAG,CAAA,EAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA,WAAA,CAAa,CAAC;AACrE,QAAA,OAAO,eAAe,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACxD;AAEO,IAAA,OAAO,0BAA0B,GAAA;QACrC,OAAO;YACH,cAAc,EAAE,MAAK;;aAEpB;AACD,YAAA,iBAAiB,EAAE,KAAK;YACxB,QAAQ,EAAE,QAAQ,CAAC,IAAI;SAC1B,CAAC;KACL;AAEO,IAAA,MAAM,gBAAgB,GAAA;QAC1B,IAAI;YACA,MAAM,KAAK,GAAG,MAAMA,QAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC3C,YAAA,OAAO,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;AAChC,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;;oBAErC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC,CAAC;AACrD,oBAAA,OAAO,CAAC,CAAC;AACZ,iBAAA;AACD,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEO,IAAA,MAAM,eAAe,GAAA;AACzB,QAAA,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;;AAEjC,QAAA,MAAM,UAAU,GAAG,MAAMA,QAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AAChE,QAAA,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;QACzB,MAAMA,QAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACzC,QAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA,gBAAA,EAAmB,IAAI,CAAC,QAAQ,CAAA,CAAE,EAAE,EAAE,CAAC,CAAC;KAC5D;AAEO,IAAA,MAAM,mBAAmB,GAAA;QAC7B,IAAI;YACA,MAAMA,QAAE,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;AACnC,gBAAA,SAAS,EAAE,IAAI;AACf,gBAAA,IAAI,EAAE,QAAQ;AACjB,aAAA,CAAC,CAAC;AACN,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;AACrC,oBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,aAAa,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA,gBAAA,CAAkB,EACrD,EAAE,CACL,CAAC;AACL,iBAAA;AAAM,qBAAA;AACH,oBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,iBAAA;AACJ,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AACJ;;;;"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions v5.2.
|
|
1
|
+
/*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { FilePersistenceWithDataProtection } from './FilePersistenceWithDataProtection.mjs';
|
|
4
4
|
import { LibSecretPersistence } from './LibSecretPersistence.mjs';
|
package/dist/utils/Constants.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-node-extensions v5.2.
|
|
1
|
+
/*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -343,7 +343,7 @@ class PersistenceCachePlugin {
|
|
|
343
343
|
}
|
|
344
344
|
}
|
|
345
345
|
|
|
346
|
-
/*! @azure/msal-common v16.
|
|
346
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
347
347
|
/**
|
|
348
348
|
* we considered making this "enum" in the request instead of string, however it looks like the allowed list of
|
|
349
349
|
* prompt values kept changing over past couple of years. There are some undocumented prompt values for some
|
|
@@ -380,11 +380,11 @@ const CacheOutcome = {
|
|
|
380
380
|
// When a token is found in the cache or the cache is not supposed to be hit when making the request
|
|
381
381
|
NOT_APPLICABLE: "0"};
|
|
382
382
|
|
|
383
|
-
/*! @azure/msal-common v16.
|
|
383
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
384
384
|
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
385
385
|
const RESOURCE = "resource";
|
|
386
386
|
|
|
387
|
-
/*! @azure/msal-common v16.
|
|
387
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
388
388
|
/*
|
|
389
389
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
390
390
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class AuthError extends Error {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.
|
|
415
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -432,7 +432,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
432
432
|
return new ClientConfigurationError(errorCode);
|
|
433
433
|
}
|
|
434
434
|
|
|
435
|
-
/*! @azure/msal-common v16.
|
|
435
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
436
436
|
|
|
437
437
|
/*
|
|
438
438
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -455,16 +455,16 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
455
455
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
456
456
|
}
|
|
457
457
|
|
|
458
|
-
/*! @azure/msal-common v16.
|
|
458
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
459
459
|
const untrustedAuthority = "untrusted_authority";
|
|
460
460
|
|
|
461
|
-
/*! @azure/msal-common v16.
|
|
461
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
462
462
|
const noAccountFound = "no_account_found";
|
|
463
463
|
const noNetworkConnectivity = "no_network_connectivity";
|
|
464
464
|
const userCanceled = "user_canceled";
|
|
465
465
|
const platformBrokerError = "platform_broker_error";
|
|
466
466
|
|
|
467
|
-
/*! @azure/msal-common v16.
|
|
467
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
468
468
|
/*
|
|
469
469
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
470
470
|
* Licensed under the MIT License.
|
|
@@ -512,7 +512,7 @@ function addLogToCache(correlationId, loggedMessage) {
|
|
|
512
512
|
// Remove LRU (first entry) if capacity exceeded
|
|
513
513
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
514
514
|
const firstKey = correlationCache.keys().next().value;
|
|
515
|
-
if (firstKey) {
|
|
515
|
+
if (firstKey !== undefined) {
|
|
516
516
|
correlationCache.delete(firstKey);
|
|
517
517
|
}
|
|
518
518
|
}
|
|
@@ -725,7 +725,7 @@ class Logger {
|
|
|
725
725
|
}
|
|
726
726
|
}
|
|
727
727
|
|
|
728
|
-
/*! @azure/msal-common v16.
|
|
728
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
729
729
|
/**
|
|
730
730
|
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
731
731
|
* @param seconds
|
|
@@ -737,7 +737,7 @@ function toDateFromSeconds(seconds) {
|
|
|
737
737
|
return new Date();
|
|
738
738
|
}
|
|
739
739
|
|
|
740
|
-
/*! @azure/msal-common v16.
|
|
740
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
741
741
|
/**
|
|
742
742
|
* Error thrown when user interaction is required.
|
|
743
743
|
*/
|
|
@@ -754,7 +754,7 @@ class InteractionRequiredAuthError extends AuthError {
|
|
|
754
754
|
}
|
|
755
755
|
}
|
|
756
756
|
|
|
757
|
-
/*! @azure/msal-common v16.
|
|
757
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
758
758
|
|
|
759
759
|
/*
|
|
760
760
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -773,7 +773,7 @@ class ServerError extends AuthError {
|
|
|
773
773
|
}
|
|
774
774
|
}
|
|
775
775
|
|
|
776
|
-
/*! @azure/msal-common v16.
|
|
776
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
777
777
|
|
|
778
778
|
/*
|
|
779
779
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -818,7 +818,7 @@ class PlatformBrokerError extends AuthError {
|
|
|
818
818
|
}
|
|
819
819
|
}
|
|
820
820
|
|
|
821
|
-
/*! @azure/msal-common v16.
|
|
821
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
822
822
|
|
|
823
823
|
/*
|
|
824
824
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -929,35 +929,40 @@ class ServerTelemetryManager {
|
|
|
929
929
|
* @param error
|
|
930
930
|
*/
|
|
931
931
|
cacheFailedRequest(error) {
|
|
932
|
-
|
|
933
|
-
|
|
934
|
-
|
|
935
|
-
|
|
936
|
-
|
|
937
|
-
|
|
938
|
-
|
|
939
|
-
|
|
940
|
-
|
|
941
|
-
|
|
942
|
-
if (error instanceof
|
|
943
|
-
if (error
|
|
944
|
-
|
|
945
|
-
|
|
946
|
-
|
|
947
|
-
|
|
932
|
+
try {
|
|
933
|
+
const lastRequests = this.getLastRequests();
|
|
934
|
+
if (lastRequests.errors.length >=
|
|
935
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
936
|
+
// Remove a cached error to make room, first in first out
|
|
937
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
938
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
939
|
+
lastRequests.errors.shift();
|
|
940
|
+
}
|
|
941
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
942
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
943
|
+
if (error instanceof AuthError) {
|
|
944
|
+
if (error.subError) {
|
|
945
|
+
lastRequests.errors.push(error.subError);
|
|
946
|
+
}
|
|
947
|
+
else if (error.errorCode) {
|
|
948
|
+
lastRequests.errors.push(error.errorCode);
|
|
949
|
+
}
|
|
950
|
+
else {
|
|
951
|
+
lastRequests.errors.push(error.toString());
|
|
952
|
+
}
|
|
948
953
|
}
|
|
949
954
|
else {
|
|
950
955
|
lastRequests.errors.push(error.toString());
|
|
951
956
|
}
|
|
952
957
|
}
|
|
953
958
|
else {
|
|
954
|
-
lastRequests.errors.push(
|
|
959
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
955
960
|
}
|
|
961
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
956
962
|
}
|
|
957
|
-
|
|
958
|
-
|
|
963
|
+
catch {
|
|
964
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
959
965
|
}
|
|
960
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
961
966
|
return;
|
|
962
967
|
}
|
|
963
968
|
/**
|
|
@@ -1119,6 +1124,10 @@ class BasePersistence {
|
|
|
1119
1124
|
* If file or directory has not been created, it FilePersistence.create() will create
|
|
1120
1125
|
* file and any directories in the path recursively.
|
|
1121
1126
|
*/
|
|
1127
|
+
/** Owner read/write only (0o600) */
|
|
1128
|
+
const FILE_MODE = 0o600;
|
|
1129
|
+
/** Owner read/write/execute only (0o700) */
|
|
1130
|
+
const DIR_MODE = 0o700;
|
|
1122
1131
|
class FilePersistence extends BasePersistence {
|
|
1123
1132
|
constructor(fileLocation, loggerOptions) {
|
|
1124
1133
|
super();
|
|
@@ -1132,7 +1141,17 @@ class FilePersistence extends BasePersistence {
|
|
|
1132
1141
|
}
|
|
1133
1142
|
async save(contents) {
|
|
1134
1143
|
try {
|
|
1135
|
-
|
|
1144
|
+
// Tighten permissions before writing to close TOCTOU window on existing files
|
|
1145
|
+
await fs.promises.chmod(this.getFilePath(), FILE_MODE).catch((err) => {
|
|
1146
|
+
if (!isNodeError(err) || err.code !== Constants.ENOENT_ERROR) {
|
|
1147
|
+
throw err;
|
|
1148
|
+
}
|
|
1149
|
+
});
|
|
1150
|
+
await fs.promises.writeFile(this.getFilePath(), contents, {
|
|
1151
|
+
encoding: "utf-8",
|
|
1152
|
+
mode: FILE_MODE,
|
|
1153
|
+
});
|
|
1154
|
+
await fs.promises.chmod(this.getFilePath(), FILE_MODE);
|
|
1136
1155
|
}
|
|
1137
1156
|
catch (err) {
|
|
1138
1157
|
if (isNodeError(err)) {
|
|
@@ -1145,7 +1164,16 @@ class FilePersistence extends BasePersistence {
|
|
|
1145
1164
|
}
|
|
1146
1165
|
async saveBuffer(contents) {
|
|
1147
1166
|
try {
|
|
1148
|
-
|
|
1167
|
+
// Tighten permissions before writing to close TOCTOU window on existing files
|
|
1168
|
+
await fs.promises.chmod(this.getFilePath(), FILE_MODE).catch((err) => {
|
|
1169
|
+
if (!isNodeError(err) || err.code !== Constants.ENOENT_ERROR) {
|
|
1170
|
+
throw err;
|
|
1171
|
+
}
|
|
1172
|
+
});
|
|
1173
|
+
await fs.promises.writeFile(this.getFilePath(), contents, {
|
|
1174
|
+
mode: FILE_MODE,
|
|
1175
|
+
});
|
|
1176
|
+
await fs.promises.chmod(this.getFilePath(), FILE_MODE);
|
|
1149
1177
|
}
|
|
1150
1178
|
catch (err) {
|
|
1151
1179
|
if (isNodeError(err)) {
|
|
@@ -1245,13 +1273,17 @@ class FilePersistence extends BasePersistence {
|
|
|
1245
1273
|
async createCacheFile() {
|
|
1246
1274
|
await this.createFileDirectory();
|
|
1247
1275
|
// File is created only if it does not exist
|
|
1248
|
-
const fileHandle = await fs.promises.open(this.filePath, "a");
|
|
1276
|
+
const fileHandle = await fs.promises.open(this.filePath, "a", FILE_MODE);
|
|
1249
1277
|
await fileHandle.close();
|
|
1278
|
+
await fs.promises.chmod(this.filePath, FILE_MODE);
|
|
1250
1279
|
this.logger.info(`File created at ${this.filePath}`, "");
|
|
1251
1280
|
}
|
|
1252
1281
|
async createFileDirectory() {
|
|
1253
1282
|
try {
|
|
1254
|
-
await fs.promises.mkdir(path.dirname(this.filePath), {
|
|
1283
|
+
await fs.promises.mkdir(path.dirname(this.filePath), {
|
|
1284
|
+
recursive: true,
|
|
1285
|
+
mode: DIR_MODE,
|
|
1286
|
+
});
|
|
1255
1287
|
}
|
|
1256
1288
|
catch (err) {
|
|
1257
1289
|
if (isNodeError(err)) {
|
|
@@ -1702,7 +1734,7 @@ class PersistenceCreator {
|
|
|
1702
1734
|
|
|
1703
1735
|
/* eslint-disable header/header */
|
|
1704
1736
|
const name = "@azure/msal-node-extensions";
|
|
1705
|
-
const version = "5.2.
|
|
1737
|
+
const version = "5.2.4";
|
|
1706
1738
|
|
|
1707
1739
|
/*
|
|
1708
1740
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|