@equinor/fusion-framework-module-msal 5.1.2 → 6.0.0-next.0

package/dist/types/v2/client/client.d.ts

@@ -1,89 +0,0 @@
-import { PublicClientApplication, type Configuration, type AuthenticationResult, type AccountInfo as AccountInfoBase } from '@azure/msal-browser';
-import { type AuthBehavior } from './behavior';
-import type { AuthRequest } from './request';
-export type IdTokenClaims = {
-    aud: string;
-    exp: number;
-};
-export type AccountInfo = AccountInfoBase & {
-    idTokenClaims?: IdTokenClaims;
-};
-/**
- * ### Simple extension of Microsoft`s authentication client.
- *
- * When using this client tenant is **required** since common login is deprecated after all.
- * By providing tenant the user account can simple be extracted from current session *if any*.
- *
- * @example
- * ```typescript
- * const tenantId = '224123a0d-7990-4ba1-aff3-1dss9569af32';
- * const authPath = '/my-app/auth';
- * const client = new AuthClient(tenantId, {
- *    auth: {
- *        clientId: '6dab35d4-59ff-4dcc-3356-24479e6fc888',
- *        authority: `https://login.microsoftonline.com/${tenantId}`,
- *        redirectUri:  window.location.origin + '/my-app/auth'
- *    }
- * });
- * document.getElementById('login-btn').addEventListener('click', () =>
- *    client.login({ scopes: ['data.read'] })
- *      .then(console.log)
- *      .catch(console.error)
- * );
- * (async() => {
- *    if(window.location.path === authPath) {
- *        await client.handleRedirectPromise()
- *    }
- * )();
- * ```
- * @see [Microsoft Authentication Library](https://github.com/AzureAD/microsoft-authentication-library-for-js)
- * @see [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow)
- */
-export declare class AuthClient extends PublicClientApplication {
-    readonly tenantId: string;
-    /**
-     * @returns
-     * Returns account for client tenant that MSAL currently has data for.
-     * (the account object is created at the time of successful login)
-     */
-    get account(): AccountInfo | undefined;
-    get hasValidClaims(): boolean;
-    /**
-     * @returns - Configured client id
-     */
-    get clientId(): string | undefined;
-    get requestOrigin(): string | null;
-    /**
-     * @param tenantId - tenant id for client domain
-     * @param config - required [Configuration](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/src/config/Configuration.ts)
-     */
-    constructor(tenantId: string, config: Configuration);
-    /**
-     * @param silent
-     * Attempt to use a hidden iframe to fetch an authorization code from the eSTS if {@link AuthClient.account} or login hint.
-     * Provided {@link AuthBehavior} is used as fallback.
-     * There are cases where this may not work:
-     * - Any browser using a form of Intelligent Tracking Prevention
-     * - If there is not an established session with the service
-     *
-     * @returns
-     * Promise that is fulfilled when this function has completed, or rejected if an error was raised.
-     */
-    login(options?: AuthRequest, behavior?: AuthBehavior, silent?: boolean): Promise<AuthenticationResult | void>;
-    /**
-     * Will try to silently acquire an access token for a given set of scopes.
-     * Will use cached token if available, otherwise will attempt to acquire a new token from the network via refresh token.
-     *
-     * @param silent
-     * Attempt to use a hidden iframe to fetch an authorization code from the eSTS if {@link AuthClient.account} or login hint.
-     * Provided {@link AuthBehavior} is used as fallback.
-     * There are cases where this may not work:
-     * - Any browser using a form of Intelligent Tracking Prevention
-     * - If there is not an established session with the service
-     *
-     * @returns
-     * Promise that is fulfilled when this function has completed, or rejected if an error was raised.
-     */
-    acquireToken(options?: AuthRequest, behavior?: AuthBehavior, silent?: boolean): Promise<AuthenticationResult | void>;
-}
-export default AuthClient;

package/dist/types/v2/client/create-auth-client.d.ts

@@ -1,27 +0,0 @@
-import type { Configuration, IPublicClientApplication } from '@azure/msal-browser';
-import { AuthClient } from './client';
-export type AuthClientConfig = Configuration & {
-    auth: Partial<Configuration['auth']>;
-};
-/**
- * Creates an authentication client with basic config.
- *
- * @example
- * ```typescript
- * const myClient = createClient(
- *  '224123a0d-7990-4ba1-aff3-1dss9569af32',
- *  '6dab35d4-59ff-4dcc-3356-24479e6fc888',
- *  '/my-app/auth'
- * );
- * ```
- *
- * @template T - client type, default to {@link AuthClient}
- *
- * @param tenantId - tenant to for authentication
- * @param clientId - client id for authentication
- * @param redirectUri - callback url for authentication (must match exact configured url in app)
- * @param config - optional [Configuration](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/src/config/Configuration.ts)
- * @param ctor - optional client class
- */
-export declare const createAuthClient: <T extends IPublicClientApplication = AuthClient>(tenantId: string, clientId: string, redirectUri?: string, config?: AuthClientConfig, ctor?: new (tenantId: string, config: Configuration) => T) => T;
-export default createAuthClient;

package/dist/types/v2/client/index.d.ts

@@ -1,5 +0,0 @@
-export type { AuthenticationResult } from '@azure/msal-browser';
-export { default, createAuthClient, AuthClientConfig } from './create-auth-client';
-export { ConsoleLogger } from './log/console';
-export * from './client';
-export * from './request';

package/dist/types/v2/client/log/console.d.ts

@@ -1,28 +0,0 @@
-import { Logger, LogLevel } from '@azure/msal-browser';
-/**
- * Logger functions of {@link Console}
- */
-type ConsoleLevel = 'error' | 'warn' | 'info' | 'debug';
-/**
- * MSAL client logger for development, production should use telemetry
- *
- * @example
- * ```typescript
- * client.setLogger(new ConsoleLogger());
- * ```
- */
-export declare class ConsoleLogger extends Logger {
-    /**
-     * @param logLevel - 0-1-2-3 (error-warning-info-debug) if not provided all records logged
-     */
-    constructor(logLevel?: LogLevel);
-    /** @inheritdoc */
-    protected loggerCallback(lvl: LogLevel, msg: string, _containsPii?: boolean): void;
-    /**
-     * Map log level to console log function type
-     *
-     * @default LogLevel.Verbose
-     */
-    protected getLogType: (lvl: LogLevel) => ConsoleLevel;
-}
-export default ConsoleLogger;

package/dist/types/v2/client/request.d.ts

@@ -1,65 +0,0 @@
-import type { PopupRequest, RedirectRequest } from '@azure/msal-browser';
-/**
- * Request object passed by user to retrieve a Code from the
- * server (first leg of authorization code grant flow).
- *
- * **scopes**\
- * Array of scopes the application is requesting access to.
- *
- * **authority**\
- * Url of the authority which the application acquires tokens from.
- *
- * **correlationId**\
- * Unique GUID set per request to trace a request end-to-end for telemetry purposes.
- *
- * **redirectUri**\
- * The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
- *
- * **extraScopesToConsent**\
- * Scopes for a different resource when the user needs consent upfront.
- *
- * **responseMode**\
- * Specifies the method that should be used to send the authentication result to your app. Fragment is the only valid option for msal-browser.
- *
- * **codeChallenge**\
- * Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE). For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636
- *
- * **codeChallengeMethod**\
- * The method used to encode the code verifier for the code challenge parameter. Can be "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636
- *
- * **state**\
- * A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred.
- *
- * **prompt**\
- * Indicates the type of user interaction that is required.
- * - login: will force the user to enter their credentials on that request, negating single-sign on
- * - none:  will ensure that the user isn't presented with any interactive prompt. if request can't be completed via single-sign on, the endpoint will return an interaction_required error
- * - consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app
- * - select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in session or any remembered accounts or an option to choose to use a different account
- *
- * **loginHint**\
- * Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.
- *
- * **sid**\
- * Session ID, unique identifier for the session. Available as an optional claim on ID tokens.
- *
- * **domainHint**\
- * Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant.
- *
- * **extraQueryParameters**\
- * String to string map of custom query parameters.
- *
- * **claims**\
- * In cases where Azure AD tenant admin has enabled conditional access policies, and the policy has not been met, exceptions will contain claims that need to be consented to.
- *
- * **nonce**\
- * A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks.
- *
- * **redirectStartPage**\
- * The page that should be returned to after loginRedirect or acquireTokenRedirect.
- * This should only be used if this is different from the redirectUri and will default to the page that initiates the request.
- * When the navigateToLoginRequestUrl config option is set to false this parameter will be ignored.
- *
- * @see [microsoft-authentication-library-for-js](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser/src/request)
- */
-export type AuthRequest = PopupRequest | RedirectRequest;

package/dist/types/v2/configurator.d.ts

@@ -1,32 +0,0 @@
-import z from 'zod';
-import { BaseConfigBuilder } from '@equinor/fusion-framework-module';
-import { MsalModuleVersion } from '../static';
-import type { IAuthProvider } from './provider';
-declare const AuthClientConfigSchema: z.ZodObject<{
-    clientId: z.ZodString;
-    tenantId: z.ZodString;
-    redirectUri: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
-declare const AuthClientSchema: z.ZodCustom<IAuthProvider, IAuthProvider>;
-declare const AuthConfigSchema: z.ZodObject<{
-    client: z.ZodOptional<z.ZodObject<{
-        clientId: z.ZodString;
-        tenantId: z.ZodString;
-        redirectUri: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
-    provider: z.ZodOptional<z.ZodCustom<IAuthProvider, IAuthProvider>>;
-    requiresAuth: z.ZodOptional<z.ZodBoolean>;
-    version: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
-}, z.core.$strip>;
-export type AuthClientConfig = z.infer<typeof AuthClientConfigSchema>;
-export type AuthConfig = z.infer<typeof AuthConfigSchema>;
-export declare class AuthConfigurator extends BaseConfigBuilder<AuthConfig> {
-    version: MsalModuleVersion.Latest;
-    constructor();
-    setClientConfig(config?: z.infer<typeof AuthClientConfigSchema>): void;
-    setRequiresAuth(requiresAuth: boolean): void;
-    setProvider(provider?: z.infer<typeof AuthClientSchema>): void;
-    setVersion(version: string): void;
-    _processConfig(config: AuthConfig): Promise<AuthConfig>;
-}
-export {};

package/dist/types/v2/index.d.ts

@@ -1,2 +0,0 @@
-export { type AuthConfig, AuthConfigurator, AuthClientConfig } from './configurator';
-export { type IAuthProvider, AuthProvider } from './provider';

package/dist/types/v2/provider.d.ts

@@ -1,59 +0,0 @@
-import { type AuthClient, type AuthRequest } from './client';
-import type { AuthClientConfig } from './configurator';
-import type { AccountInfo, AuthenticationResult } from './types';
-import type { IProxyProvider } from '../types';
-import { BaseModuleProvider } from '@equinor/fusion-framework-module/provider';
-export interface IAuthProvider {
-    /**
-     * @deprecated
-     */
-    readonly defaultConfig: any | undefined;
-    readonly defaultAccount: AccountInfo | undefined;
-    readonly client: AuthClient;
-    /**
-     * Acquire token from default auth client
-     * @param req Auth request options
-     */
-    acquireToken(req: AuthRequest): Promise<AuthenticationResult | void>;
-    /**
-     * Acquire access token from default auth client
-     * @param req Auth request options
-     */
-    acquireAccessToken(req: AuthRequest): Promise<string | undefined>;
-    /**
-     * Login to default auth client
-     */
-    login(): Promise<void>;
-    /**
-     * Logout
-     */
-    logout(options?: {
-        redirectUri?: string;
-    }): Promise<void>;
-    /**
-     * Handle default client redirect callback
-     */
-    handleRedirect(): Promise<void | null>;
-}
-export declare class AuthProvider extends BaseModuleProvider<AuthClientConfig> implements IAuthProvider, IProxyProvider {
-    #private;
-    protected _config: AuthClientConfig;
-    get defaultAccount(): AccountInfo | undefined;
-    /** @deprecated */
-    get defaultConfig(): AuthClientConfig | undefined;
-    constructor(_config: AuthClientConfig);
-    get client(): AuthClient;
-    /** @deprecated */
-    createClient(): AuthClient;
-    handleRedirect(): Promise<null>;
-    acquireToken(req: AuthRequest): ReturnType<IAuthProvider['acquireToken']>;
-    acquireAccessToken(req: AuthRequest): Promise<string | undefined>;
-    login(options?: {
-        onlyIfRequired?: boolean;
-    }): Promise<void>;
-    logout(options?: {
-        redirectUri?: string;
-    }): Promise<void>;
-    createProxyProvider<T = IAuthProvider>(version: string): T;
-    _createProxyProvider_v2(): IAuthProvider;
-}

package/src/v2/client/behavior.ts

@@ -1,14 +0,0 @@
-/**
- * - **Popup:**
- *   Use when initiating the process via opening a popup window in the user's browser
- *
- * - **Redirect:**
- *   Use when initiating the login process by redirecting the user's browser to the authorization endpoint.
- *   This function redirects the page, so any code that follows this function will not execute.
- */
-export type AuthBehavior = 'popup' | 'redirect';
-
-/**
- * Default behavior for login and acquisition of token
- */
-export const defaultBehavior: AuthBehavior = 'redirect';

package/src/v2/client/client.ts

@@ -1,180 +0,0 @@
-import {
-  PublicClientApplication,
-  type Configuration,
-  type AuthenticationResult,
-  type SsoSilentRequest,
-  type PopupRequest,
-  type RedirectRequest,
-  type AccountInfo as AccountInfoBase,
-} from '@azure/msal-browser';
-
-import { type AuthBehavior, defaultBehavior } from './behavior';
-import type { AuthRequest } from './request';
-
-export type IdTokenClaims = {
-  aud: string;
-  exp: number;
-};
-
-export type AccountInfo = AccountInfoBase & {
-  idTokenClaims?: IdTokenClaims;
-};
-
-/**
- * ### Simple extension of Microsoft`s authentication client.
- *
- * When using this client tenant is **required** since common login is deprecated after all.
- * By providing tenant the user account can simple be extracted from current session *if any*.
- *
- * @example
- * ```typescript
- * const tenantId = '224123a0d-7990-4ba1-aff3-1dss9569af32';
- * const authPath = '/my-app/auth';
- * const client = new AuthClient(tenantId, {
- *    auth: {
- *        clientId: '6dab35d4-59ff-4dcc-3356-24479e6fc888',
- *        authority: `https://login.microsoftonline.com/${tenantId}`,
- *        redirectUri:  window.location.origin + '/my-app/auth'
- *    }
- * });
- * document.getElementById('login-btn').addEventListener('click', () =>
- *    client.login({ scopes: ['data.read'] })
- *      .then(console.log)
- *      .catch(console.error)
- * );
- * (async() => {
- *    if(window.location.path === authPath) {
- *        await client.handleRedirectPromise()
- *    }
- * )();
- * ```
- * @see [Microsoft Authentication Library](https://github.com/AzureAD/microsoft-authentication-library-for-js)
- * @see [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow)
- */
-export class AuthClient extends PublicClientApplication {
-  /**
-   * @returns
-   * Returns account for client tenant that MSAL currently has data for.
-   * (the account object is created at the time of successful login)
-   */
-  get account(): AccountInfo | undefined {
-    const accounts = this.getAllAccounts();
-    const account = accounts.find((a) => (a as AccountInfo).idTokenClaims?.aud === this.clientId);
-    return account as AccountInfo;
-  }
-
-  get hasValidClaims(): boolean {
-    const idTokenClaims = this.account?.idTokenClaims;
-    if (idTokenClaims) {
-      const epoch = Math.ceil(Date.now() / 1000);
-      return idTokenClaims.exp > epoch;
-    }
-    return false;
-  }
-
-  /**
-   * @returns - Configured client id
-   */
-  get clientId(): string | undefined {
-    return this.config.auth?.clientId;
-  }
-
-  get requestOrigin(): string | null {
-    return this.browserStorage.getTemporaryCache('request.origin', true);
-  }
-
-  /**
-   * @param tenantId - tenant id for client domain
-   * @param config - required [Configuration](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/src/config/Configuration.ts)
-   */
-  constructor(
-    readonly tenantId: string,
-    config: Configuration,
-  ) {
-    super(config);
-  }
-
-  /**
-   * @param silent
-   * Attempt to use a hidden iframe to fetch an authorization code from the eSTS if {@link AuthClient.account} or login hint.
-   * Provided {@link AuthBehavior} is used as fallback.
-   * There are cases where this may not work:
-   * - Any browser using a form of Intelligent Tracking Prevention
-   * - If there is not an established session with the service
-   *
-   * @returns
-   * Promise that is fulfilled when this function has completed, or rejected if an error was raised.
-   */
-  async login(
-    options?: AuthRequest,
-    behavior: AuthBehavior = defaultBehavior,
-    silent = true,
-  ): Promise<AuthenticationResult | void> {
-    const loginHint = options?.loginHint || this.account?.username;
-    const scopes = options?.scopes || [];
-    const request = { ...options, loginHint, scopes };
-
-    if (loginHint && silent) {
-      this.logger.verbose('Attempting to login in silently');
-      try {
-        const res = await this.ssoSilent(request as SsoSilentRequest);
-        return res;
-      } catch {
-        this.logger.verbose('Silent login attempt failed');
-      }
-    }
-
-    this.logger.verbose(`Attempting to login in by [${behavior}]`);
-
-    switch (behavior) {
-      case 'popup':
-        return this.loginPopup(request as PopupRequest);
-      case 'redirect': {
-        return this.loginRedirect(request as RedirectRequest);
-      }
-    }
-  }
-
-  /**
-   * Will try to silently acquire an access token for a given set of scopes.
-   * Will use cached token if available, otherwise will attempt to acquire a new token from the network via refresh token.
-   *
-   * @param silent
-   * Attempt to use a hidden iframe to fetch an authorization code from the eSTS if {@link AuthClient.account} or login hint.
-   * Provided {@link AuthBehavior} is used as fallback.
-   * There are cases where this may not work:
-   * - Any browser using a form of Intelligent Tracking Prevention
-   * - If there is not an established session with the service
-   *
-   * @returns
-   * Promise that is fulfilled when this function has completed, or rejected if an error was raised.
-   */
-  public async acquireToken(
-    options: AuthRequest = { scopes: [] },
-    behavior: AuthBehavior = defaultBehavior,
-    silent = true,
-  ): Promise<AuthenticationResult | void> {
-    const account = await this.account;
-    if (silent && account) {
-      this.logger.verbose('Attempting to acquire token in silently');
-      try {
-        const token = await this.acquireTokenSilent({ account, ...options });
-        return token;
-      } catch (err) {
-        this.logger.info('Expected to navigate away from the current page but timeout occurred.');
-      }
-    }
-
-    this.logger.verbose(`Attempting to acquire token by [${behavior}]`);
-
-    switch (behavior) {
-      case 'popup':
-        return this.acquireTokenPopup(options);
-      case 'redirect': {
-        return this.acquireTokenRedirect(options);
-      }
-    }
-  }
-}
-
-export default AuthClient;

package/src/v2/client/create-auth-client.ts

@@ -1,48 +0,0 @@
-import type { Configuration, IPublicClientApplication } from '@azure/msal-browser';
-import { AuthClient } from './client';
-import { normalizeUri } from './util/url';
-
-export type AuthClientConfig = Configuration & {
-  auth: Partial<Configuration['auth']>;
-};
-
-/**
- * Creates an authentication client with basic config.
- *
- * @example
- * ```typescript
- * const myClient = createClient(
- *  '224123a0d-7990-4ba1-aff3-1dss9569af32',
- *  '6dab35d4-59ff-4dcc-3356-24479e6fc888',
- *  '/my-app/auth'
- * );
- * ```
- *
- * @template T - client type, default to {@link AuthClient}
- *
- * @param tenantId - tenant to for authentication
- * @param clientId - client id for authentication
- * @param redirectUri - callback url for authentication (must match exact configured url in app)
- * @param config - optional [Configuration](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/src/config/Configuration.ts)
- * @param ctor - optional client class
- */
-export const createAuthClient = <T extends IPublicClientApplication = AuthClient>(
-  tenantId: string,
-  clientId: string,
-  redirectUri?: string,
-  config?: AuthClientConfig,
-  ctor?: new (tenantId: string, config: Configuration) => T,
-): T => {
-  const auth: Configuration['auth'] = {
-    clientId,
-    redirectUri: normalizeUri(redirectUri || ''),
-    navigateToLoginRequestUrl: false,
-    authority: `https://login.microsoftonline.com/${tenantId}`,
-    ...config?.auth,
-  };
-  const cache = { cacheLocation: 'localStorage', ...config?.cache };
-  const system = config?.system;
-  return new (ctor || AuthClient)(tenantId, { auth, cache, system }) as T;
-};
-
-export default createAuthClient;

package/src/v2/client/index.ts

@@ -1,8 +0,0 @@
-export type { AuthenticationResult } from '@azure/msal-browser';
-
-export { default, createAuthClient, AuthClientConfig } from './create-auth-client';
-
-export { ConsoleLogger } from './log/console';
-
-export * from './client';
-export * from './request';

package/src/v2/client/log/console.ts

@@ -1,58 +0,0 @@
-import { Logger, LogLevel } from '@azure/msal-browser';
-
-/**
- * Logger functions of {@link Console}
- */
-type ConsoleLevel = 'error' | 'warn' | 'info' | 'debug';
-
-/**
- * MSAL client logger for development, production should use telemetry
- *
- * @example
- * ```typescript
- * client.setLogger(new ConsoleLogger());
- * ```
- */
-export class ConsoleLogger extends Logger {
-  /**
-   * @param logLevel - 0-1-2-3 (error-warning-info-debug) if not provided all records logged
-   */
-  constructor(logLevel?: LogLevel) {
-    super({
-      logLevel,
-      loggerCallback: (...args: [LogLevel, string, boolean]) => this.loggerCallback(...args),
-    });
-  }
-
-  /** @inheritdoc */
-  protected loggerCallback(lvl: LogLevel, msg: string, _containsPii?: boolean): void {
-    console[this.getLogType(lvl)](
-      '%c FUSION::MSAL %c %s',
-      'border: 1px solid;',
-      'border: none;',
-      msg,
-    );
-  }
-
-  /**
-   * Map log level to console log function type
-   *
-   * @default LogLevel.Verbose
-   */
-  protected getLogType = (lvl: LogLevel): ConsoleLevel => {
-    switch (lvl) {
-      case LogLevel.Error:
-        return 'error';
-      case LogLevel.Warning:
-        return 'warn';
-      case LogLevel.Info:
-        return 'info';
-      case LogLevel.Verbose:
-        return 'debug';
-      default:
-        return this.getLogType(LogLevel.Verbose);
-    }
-  };
-}
-
-export default ConsoleLogger;